1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.40 (Berkeley) 03/12/91";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <arpa/nameser.h>
21 #include <resolv.h>
22 #endif
23
24 /*
25 ** DELIVER -- Deliver a message to a list of addresses.
26 **
27 ** This routine delivers to everyone on the same host as the
28 ** user on the head of the list. It is clever about mailers
29 ** that don't handle multiple users. It is NOT guaranteed
30 ** that it will deliver to all these addresses however -- so
31 ** deliver should be called once for each address on the
32 ** list.
33 **
34 ** Parameters:
35 ** e -- the envelope to deliver.
36 ** firstto -- head of the address list to deliver to.
37 **
38 ** Returns:
39 ** zero -- successfully delivered.
40 ** else -- some failure, see ExitStat for more info.
41 **
42 ** Side Effects:
43 ** The standard input is passed off to someone.
44 */
45
46 deliver(e, firstto)
47 register ENVELOPE *e;
48 ADDRESS *firstto;
49 {
50 char *host; /* host being sent to */
51 char *user; /* user being sent to */
52 char **pvp;
53 register char **mvp;
54 register char *p;
55 register MAILER *m; /* mailer for this recipient */
56 ADDRESS *ctladdr;
57 register ADDRESS *to = firstto;
58 bool clever = FALSE; /* running user smtp to this mailer */
59 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
60 int rcode; /* response code */
61 char *pv[MAXPV+1];
62 char tobuf[MAXLINE-50]; /* text line of to people */
63 char buf[MAXNAME];
64 char tfrombuf[MAXNAME]; /* translated from person */
65 extern bool checkcompat();
66 extern ADDRESS *getctladdr();
67 extern char *remotename();
68
69 errno = 0;
70 if (bitset(QDONTSEND, to->q_flags))
71 return (0);
72
73 #ifdef NAMED_BIND
74 /* unless interactive, try twice, over a minute */
75 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
76 _res.retrans = 30;
77 _res.retry = 2;
78 }
79 #endif
80
81 m = to->q_mailer;
82 host = to->q_host;
83
84 if (tTd(10, 1))
85 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
86 m->m_mno, host, to->q_user);
87
88 /*
89 ** If this mailer is expensive, and if we don't want to make
90 ** connections now, just mark these addresses and return.
91 ** This is useful if we want to batch connections to
92 ** reduce load. This will cause the messages to be
93 ** queued up, and a daemon will come along to send the
94 ** messages later.
95 ** This should be on a per-mailer basis.
96 */
97
98 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
99 !Verbose)
100 {
101 for (; to != NULL; to = to->q_next)
102 {
103 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
104 continue;
105 to->q_flags |= QQUEUEUP|QDONTSEND;
106 e->e_to = to->q_paddr;
107 message(Arpa_Info, "queued");
108 if (LogLevel > 4)
109 logdelivery("queued");
110 }
111 e->e_to = NULL;
112 return (0);
113 }
114
115 /*
116 ** Do initial argv setup.
117 ** Insert the mailer name. Notice that $x expansion is
118 ** NOT done on the mailer name. Then, if the mailer has
119 ** a picky -f flag, we insert it as appropriate. This
120 ** code does not check for 'pv' overflow; this places a
121 ** manifest lower limit of 4 for MAXPV.
122 ** The from address rewrite is expected to make
123 ** the address relative to the other end.
124 */
125
126 /* rewrite from address, using rewriting rules */
127 expand("\001f", buf, &buf[sizeof buf - 1], e);
128 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE));
129
130 define('g', tfrombuf, e); /* translated sender address */
131 define('h', host, e); /* to host */
132 Errors = 0;
133 pvp = pv;
134 *pvp++ = m->m_argv[0];
135
136 /* insert -f or -r flag as appropriate */
137 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
138 {
139 if (bitnset(M_FOPT, m->m_flags))
140 *pvp++ = "-f";
141 else
142 *pvp++ = "-r";
143 expand("\001g", buf, &buf[sizeof buf - 1], e);
144 *pvp++ = newstr(buf);
145 }
146
147 /*
148 ** Append the other fixed parts of the argv. These run
149 ** up to the first entry containing "$u". There can only
150 ** be one of these, and there are only a few more slots
151 ** in the pv after it.
152 */
153
154 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
155 {
156 while ((p = index(p, '\001')) != NULL)
157 if (*++p == 'u')
158 break;
159 if (p != NULL)
160 break;
161
162 /* this entry is safe -- go ahead and process it */
163 expand(*mvp, buf, &buf[sizeof buf - 1], e);
164 *pvp++ = newstr(buf);
165 if (pvp >= &pv[MAXPV - 3])
166 {
167 syserr("Too many parameters to %s before $u", pv[0]);
168 return (-1);
169 }
170 }
171
172 /*
173 ** If we have no substitution for the user name in the argument
174 ** list, we know that we must supply the names otherwise -- and
175 ** SMTP is the answer!!
176 */
177
178 if (*mvp == NULL)
179 {
180 /* running SMTP */
181 # ifdef SMTP
182 clever = TRUE;
183 *pvp = NULL;
184 # else SMTP
185 /* oops! we don't implement SMTP */
186 syserr("SMTP style mailer");
187 return (EX_SOFTWARE);
188 # endif SMTP
189 }
190
191 /*
192 ** At this point *mvp points to the argument with $u. We
193 ** run through our address list and append all the addresses
194 ** we can. If we run out of space, do not fret! We can
195 ** always send another copy later.
196 */
197
198 tobuf[0] = '\0';
199 e->e_to = tobuf;
200 ctladdr = NULL;
201 for (; to != NULL; to = to->q_next)
202 {
203 /* avoid sending multiple recipients to dumb mailers */
204 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
205 break;
206
207 /* if already sent or not for this host, don't send */
208 if (bitset(QDONTSEND, to->q_flags) ||
209 strcmp(to->q_host, host) != 0 ||
210 to->q_mailer != firstto->q_mailer)
211 continue;
212
213 /* avoid overflowing tobuf */
214 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
215 break;
216
217 if (tTd(10, 1))
218 {
219 printf("\nsend to ");
220 printaddr(to, FALSE);
221 }
222
223 /* compute effective uid/gid when sending */
224 if (to->q_mailer == ProgMailer)
225 ctladdr = getctladdr(to);
226
227 user = to->q_user;
228 e->e_to = to->q_paddr;
229 to->q_flags |= QDONTSEND;
230
231 /*
232 ** Check to see that these people are allowed to
233 ** talk to each other.
234 */
235
236 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
237 {
238 NoReturn = TRUE;
239 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
240 giveresponse(EX_UNAVAILABLE, m, e);
241 continue;
242 }
243 if (!checkcompat(to))
244 {
245 giveresponse(EX_UNAVAILABLE, m, e);
246 continue;
247 }
248
249 /*
250 ** Strip quote bits from names if the mailer is dumb
251 ** about them.
252 */
253
254 if (bitnset(M_STRIPQ, m->m_flags))
255 {
256 stripquotes(user, TRUE);
257 stripquotes(host, TRUE);
258 }
259 else
260 {
261 stripquotes(user, FALSE);
262 stripquotes(host, FALSE);
263 }
264
265 /* hack attack -- delivermail compatibility */
266 if (m == ProgMailer && *user == '|')
267 user++;
268
269 /*
270 ** If an error message has already been given, don't
271 ** bother to send to this address.
272 **
273 ** >>>>>>>>>> This clause assumes that the local mailer
274 ** >> NOTE >> cannot do any further aliasing; that
275 ** >>>>>>>>>> function is subsumed by sendmail.
276 */
277
278 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
279 continue;
280
281 /* save statistics.... */
282 markstats(e, to);
283
284 /*
285 ** See if this user name is "special".
286 ** If the user name has a slash in it, assume that this
287 ** is a file -- send it off without further ado. Note
288 ** that this type of addresses is not processed along
289 ** with the others, so we fudge on the To person.
290 */
291
292 if (m == LocalMailer)
293 {
294 if (user[0] == '/')
295 {
296 rcode = mailfile(user, getctladdr(to));
297 giveresponse(rcode, m, e);
298 if (rcode == EX_OK)
299 to->q_flags |= QSENT;
300 continue;
301 }
302 }
303
304 /*
305 ** Address is verified -- add this user to mailer
306 ** argv, and add it to the print list of recipients.
307 */
308
309 /* link together the chain of recipients */
310 to->q_tchain = tochain;
311 tochain = to;
312
313 /* create list of users for error messages */
314 (void) strcat(tobuf, ",");
315 (void) strcat(tobuf, to->q_paddr);
316 define('u', user, e); /* to user */
317 define('z', to->q_home, e); /* user's home */
318
319 /*
320 ** Expand out this user into argument list.
321 */
322
323 if (!clever)
324 {
325 expand(*mvp, buf, &buf[sizeof buf - 1], e);
326 *pvp++ = newstr(buf);
327 if (pvp >= &pv[MAXPV - 2])
328 {
329 /* allow some space for trailing parms */
330 break;
331 }
332 }
333 }
334
335 /* see if any addresses still exist */
336 if (tobuf[0] == '\0')
337 {
338 define('g', (char *) NULL, e);
339 return (0);
340 }
341
342 /* print out messages as full list */
343 e->e_to = tobuf + 1;
344
345 /*
346 ** Fill out any parameters after the $u parameter.
347 */
348
349 while (!clever && *++mvp != NULL)
350 {
351 expand(*mvp, buf, &buf[sizeof buf - 1], e);
352 *pvp++ = newstr(buf);
353 if (pvp >= &pv[MAXPV])
354 syserr("deliver: pv overflow after $u for %s", pv[0]);
355 }
356 *pvp++ = NULL;
357
358 /*
359 ** Call the mailer.
360 ** The argument vector gets built, pipes
361 ** are created as necessary, and we fork & exec as
362 ** appropriate.
363 ** If we are running SMTP, we just need to clean up.
364 */
365
366 if (ctladdr == NULL)
367 ctladdr = &e->e_from;
368 #ifdef NAMED_BIND
369 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
370 #endif
371 #ifdef SMTP
372 if (clever)
373 {
374 rcode = EX_OK;
375 #ifdef NAMED_BIND
376 if (host[0] && host[0] != '[')
377 {
378 expand("\001w", buf, &buf[sizeof(buf) - 1], e);
379 Nmx = getmxrr(host, MxHosts, buf, &rcode);
380 }
381 else
382 #endif
383 {
384 Nmx = 1;
385 MxHosts[0] = host;
386 }
387 if (Nmx >= 0)
388 {
389 message(Arpa_Info, "Connecting to %s (%s)...",
390 MxHosts[0], m->m_name);
391 if ((rcode = smtpinit(m, pv)) == EX_OK) {
392 register char *t = tobuf;
393 register int i;
394
395 /* send the recipient list */
396 tobuf[0] = '\0';
397 for (to = tochain; to; to = to->q_tchain) {
398 e->e_to = to->q_paddr;
399 if ((i = smtprcpt(to, m)) != EX_OK) {
400 markfailure(e, to, i);
401 giveresponse(i, m, e);
402 }
403 else {
404 *t++ = ',';
405 for (p = to->q_paddr; *p; *t++ = *p++);
406 }
407 }
408
409 /* now send the data */
410 if (tobuf[0] == '\0')
411 e->e_to = NULL;
412 else {
413 e->e_to = tobuf + 1;
414 rcode = smtpdata(m, e);
415 }
416
417 /* now close the connection */
418 smtpquit(m);
419 }
420 }
421 }
422 else
423 #endif /* SMTP */
424 {
425 static int sendoff();
426
427 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
428 rcode = sendoff(e, m, pv, ctladdr);
429 }
430 #ifdef NAMED_BIND
431 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
432 #endif
433
434 /*
435 ** Do final status disposal.
436 ** We check for something in tobuf for the SMTP case.
437 ** If we got a temporary failure, arrange to queue the
438 ** addressees.
439 */
440
441 if (tobuf[0] != '\0')
442 giveresponse(rcode, m, e);
443 for (to = tochain; to != NULL; to = to->q_tchain)
444 if (rcode != EX_OK)
445 markfailure(e, to, rcode);
446 else
447 to->q_flags |= QSENT;
448
449 errno = 0;
450 define('g', (char *) NULL, e);
451 return (rcode);
452 }
453 �/*
454 ** MARKFAILURE -- mark a failure on a specific address.
455 **
456 ** Parameters:
457 ** e -- the envelope we are sending.
458 ** q -- the address to mark.
459 ** rcode -- the code signifying the particular failure.
460 **
461 ** Returns:
462 ** none.
463 **
464 ** Side Effects:
465 ** marks the address (and possibly the envelope) with the
466 ** failure so that an error will be returned or
467 ** the message will be queued, as appropriate.
468 */
469
470 markfailure(e, q, rcode)
471 register ENVELOPE *e;
472 register ADDRESS *q;
473 int rcode;
474 {
475 if (rcode == EX_OK)
476 return;
477 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
478 q->q_flags |= QBADADDR;
479 else if (curtime() > e->e_ctime + TimeOut)
480 {
481 extern char *pintvl();
482 char buf[MAXLINE];
483
484 if (!bitset(EF_TIMEOUT, e->e_flags))
485 {
486 (void) sprintf(buf, "Cannot send message for %s",
487 pintvl(TimeOut, FALSE));
488 if (e->e_message != NULL)
489 free(e->e_message);
490 e->e_message = newstr(buf);
491 message(Arpa_Info, buf);
492 }
493 q->q_flags |= QBADADDR;
494 e->e_flags |= EF_TIMEOUT;
495 }
496 else
497 q->q_flags |= QQUEUEUP;
498 }
499 �/*
500 ** DOFORK -- do a fork, retrying a couple of times on failure.
501 **
502 ** This MUST be a macro, since after a vfork we are running
503 ** two processes on the same stack!!!
504 **
505 ** Parameters:
506 ** none.
507 **
508 ** Returns:
509 ** From a macro??? You've got to be kidding!
510 **
511 ** Side Effects:
512 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
513 ** pid of child in parent, zero in child.
514 ** -1 on unrecoverable error.
515 **
516 ** Notes:
517 ** I'm awfully sorry this looks so awful. That's
518 ** vfork for you.....
519 */
520
521 # define NFORKTRIES 5
522 # ifdef VMUNIX
523 # define XFORK vfork
524 # else VMUNIX
525 # define XFORK fork
526 # endif VMUNIX
527
528 # define DOFORK(fORKfN) \
529 {\
530 register int i;\
531 \
532 for (i = NFORKTRIES; --i >= 0; )\
533 {\
534 pid = fORKfN();\
535 if (pid >= 0)\
536 break;\
537 if (i > 0)\
538 sleep((unsigned) NFORKTRIES - i);\
539 }\
540 }
541 �/*
542 ** DOFORK -- simple fork interface to DOFORK.
543 **
544 ** Parameters:
545 ** none.
546 **
547 ** Returns:
548 ** pid of child in parent.
549 ** zero in child.
550 ** -1 on error.
551 **
552 ** Side Effects:
553 ** returns twice, once in parent and once in child.
554 */
555
556 dofork()
557 {
558 register int pid;
559
560 DOFORK(fork);
561 return (pid);
562 }
563 �/*
564 ** SENDOFF -- send off call to mailer & collect response.
565 **
566 ** Parameters:
567 ** e -- the envelope to mail.
568 ** m -- mailer descriptor.
569 ** pvp -- parameter vector to send to it.
570 ** ctladdr -- an address pointer controlling the
571 ** user/groupid etc. of the mailer.
572 **
573 ** Returns:
574 ** exit status of mailer.
575 **
576 ** Side Effects:
577 ** none.
578 */
579 static
580 sendoff(e, m, pvp, ctladdr)
581 register ENVELOPE *e;
582 MAILER *m;
583 char **pvp;
584 ADDRESS *ctladdr;
585 {
586 auto FILE *mfile;
587 auto FILE *rfile;
588 register int i;
589 int pid;
590
591 /*
592 ** Create connection to mailer.
593 */
594
595 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
596 if (pid < 0)
597 return (-1);
598
599 /*
600 ** Format and send message.
601 */
602
603 putfromline(mfile, m);
604 (*e->e_puthdr)(mfile, m, e);
605 putline("\n", mfile, m);
606 (*e->e_putbody)(mfile, m, e);
607 (void) fclose(mfile);
608 if (rfile != NULL)
609 (void) fclose(rfile);
610
611 i = endmailer(pid, pvp[0]);
612
613 /* arrange a return receipt if requested */
614 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
615 {
616 e->e_flags |= EF_SENDRECEIPT;
617 /* do we want to send back more info? */
618 }
619
620 return (i);
621 }
622 �/*
623 ** ENDMAILER -- Wait for mailer to terminate.
624 **
625 ** We should never get fatal errors (e.g., segmentation
626 ** violation), so we report those specially. For other
627 ** errors, we choose a status message (into statmsg),
628 ** and if it represents an error, we print it.
629 **
630 ** Parameters:
631 ** pid -- pid of mailer.
632 ** name -- name of mailer (for error messages).
633 **
634 ** Returns:
635 ** exit code of mailer.
636 **
637 ** Side Effects:
638 ** none.
639 */
640
641 endmailer(pid, name)
642 int pid;
643 char *name;
644 {
645 int st;
646
647 /* in the IPC case there is nothing to wait for */
648 if (pid == 0)
649 return (EX_OK);
650
651 /* wait for the mailer process to die and collect status */
652 st = waitfor(pid);
653 if (st == -1)
654 {
655 syserr("endmailer %s: wait", name);
656 return (EX_SOFTWARE);
657 }
658
659 /* see if it died a horrid death */
660 if ((st & 0377) != 0)
661 {
662 syserr("mailer %s died with signal %o", name, st);
663 ExitStat = EX_TEMPFAIL;
664 return (EX_TEMPFAIL);
665 }
666
667 /* normal death -- return status */
668 st = (st >> 8) & 0377;
669 return (st);
670 }
671 �/*
672 ** OPENMAILER -- open connection to mailer.
673 **
674 ** Parameters:
675 ** m -- mailer descriptor.
676 ** pvp -- parameter vector to pass to mailer.
677 ** ctladdr -- controlling address for user.
678 ** clever -- create a full duplex connection.
679 ** pmfile -- pointer to mfile (to mailer) connection.
680 ** prfile -- pointer to rfile (from mailer) connection.
681 **
682 ** Returns:
683 ** pid of mailer ( > 0 ).
684 ** -1 on error.
685 ** zero on an IPC connection.
686 **
687 ** Side Effects:
688 ** creates a mailer in a subprocess.
689 */
690
691 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
692 MAILER *m;
693 char **pvp;
694 ADDRESS *ctladdr;
695 bool clever;
696 FILE **pmfile;
697 FILE **prfile;
698 {
699 int pid;
700 int mpvect[2];
701 int rpvect[2];
702 FILE *mfile = NULL;
703 FILE *rfile = NULL;
704 extern FILE *fdopen();
705
706 if (tTd(11, 1))
707 {
708 printf("openmailer:");
709 printav(pvp);
710 }
711 errno = 0;
712
713 CurHostName = m->m_mailer;
714
715 /*
716 ** Deal with the special case of mail handled through an IPC
717 ** connection.
718 ** In this case we don't actually fork. We must be
719 ** running SMTP for this to work. We will return a
720 ** zero pid to indicate that we are running IPC.
721 ** We also handle a debug version that just talks to stdin/out.
722 */
723
724 /* check for Local Person Communication -- not for mortals!!! */
725 if (strcmp(m->m_mailer, "[LPC]") == 0)
726 {
727 *pmfile = stdout;
728 *prfile = stdin;
729 return (0);
730 }
731
732 if (strcmp(m->m_mailer, "[IPC]") == 0)
733 {
734 #ifdef HOSTINFO
735 register STAB *st;
736 extern STAB *stab();
737 #endif HOSTINFO
738 #ifdef DAEMON
739 register int i, j;
740 register u_short port;
741
742 CurHostName = pvp[1];
743 if (!clever)
744 syserr("non-clever IPC");
745 if (pvp[2] != NULL)
746 port = atoi(pvp[2]);
747 else
748 port = 0;
749 for (j = 0; j < Nmx; j++)
750 {
751 CurHostName = MxHosts[j];
752 #ifdef HOSTINFO
753 /* see if we have already determined that this host is fried */
754 st = stab(MxHosts[j], ST_HOST, ST_FIND);
755 if (st == NULL || st->s_host.ho_exitstat == EX_OK) {
756 if (j > 1)
757 message(Arpa_Info,
758 "Connecting to %s (%s)...",
759 MxHosts[j], m->m_name);
760 i = makeconnection(MxHosts[j], port, pmfile, prfile);
761 }
762 else
763 {
764 i = st->s_host.ho_exitstat;
765 errno = st->s_host.ho_errno;
766 }
767 #else HOSTINFO
768 i = makeconnection(MxHosts[j], port, pmfile, prfile);
769 #endif HOSTINFO
770 if (i != EX_OK)
771 {
772 #ifdef HOSTINFO
773 /* enter status of this host */
774 if (st == NULL)
775 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
776 st->s_host.ho_exitstat = i;
777 st->s_host.ho_errno = errno;
778 #endif HOSTINFO
779 ExitStat = i;
780 continue;
781 }
782 else
783 return (0);
784 }
785 return (-1);
786 #else DAEMON
787 syserr("openmailer: no IPC");
788 return (-1);
789 #endif DAEMON
790 }
791
792 /* create a pipe to shove the mail through */
793 if (pipe(mpvect) < 0)
794 {
795 syserr("openmailer: pipe (to mailer)");
796 return (-1);
797 }
798
799 #ifdef SMTP
800 /* if this mailer speaks smtp, create a return pipe */
801 if (clever && pipe(rpvect) < 0)
802 {
803 syserr("openmailer: pipe (from mailer)");
804 (void) close(mpvect[0]);
805 (void) close(mpvect[1]);
806 return (-1);
807 }
808 #endif SMTP
809
810 /*
811 ** Actually fork the mailer process.
812 ** DOFORK is clever about retrying.
813 **
814 ** Dispose of SIGCHLD signal catchers that may be laying
815 ** around so that endmail will get it.
816 */
817
818 if (CurEnv->e_xfp != NULL)
819 (void) fflush(CurEnv->e_xfp); /* for debugging */
820 (void) fflush(stdout);
821 # ifdef SIGCHLD
822 (void) signal(SIGCHLD, SIG_DFL);
823 # endif SIGCHLD
824 DOFORK(XFORK);
825 /* pid is set by DOFORK */
826 if (pid < 0)
827 {
828 /* failure */
829 syserr("openmailer: cannot fork");
830 (void) close(mpvect[0]);
831 (void) close(mpvect[1]);
832 #ifdef SMTP
833 if (clever)
834 {
835 (void) close(rpvect[0]);
836 (void) close(rpvect[1]);
837 }
838 #endif SMTP
839 return (-1);
840 }
841 else if (pid == 0)
842 {
843 int i;
844 extern int DtableSize;
845
846 /* child -- set up input & exec mailer */
847 /* make diagnostic output be standard output */
848 (void) signal(SIGINT, SIG_IGN);
849 (void) signal(SIGHUP, SIG_IGN);
850 (void) signal(SIGTERM, SIG_DFL);
851
852 /* arrange to filter standard & diag output of command */
853 if (clever)
854 {
855 (void) close(rpvect[0]);
856 (void) close(1);
857 (void) dup(rpvect[1]);
858 (void) close(rpvect[1]);
859 }
860 else if (OpMode == MD_SMTP || HoldErrs)
861 {
862 /* put mailer output in transcript */
863 (void) close(1);
864 (void) dup(fileno(CurEnv->e_xfp));
865 }
866 (void) close(2);
867 (void) dup(1);
868
869 /* arrange to get standard input */
870 (void) close(mpvect[1]);
871 (void) close(0);
872 if (dup(mpvect[0]) < 0)
873 {
874 syserr("Cannot dup to zero!");
875 _exit(EX_OSERR);
876 }
877 (void) close(mpvect[0]);
878 if (!bitnset(M_RESTR, m->m_flags))
879 {
880 if (ctladdr == NULL || ctladdr->q_uid == 0)
881 {
882 (void) setgid(DefGid);
883 (void) initgroups(DefUser, DefGid);
884 (void) setuid(DefUid);
885 }
886 else
887 {
888 (void) setgid(ctladdr->q_gid);
889 (void) initgroups(ctladdr->q_ruser?
890 ctladdr->q_ruser: ctladdr->q_user,
891 ctladdr->q_gid);
892 (void) setuid(ctladdr->q_uid);
893 }
894 }
895
896 /* arrange for all the files to be closed */
897 for (i = 3; i < DtableSize; i++) {
898 register int j;
899 if ((j = fcntl(i, F_GETFD, 0)) != -1)
900 (void)fcntl(i, F_SETFD, j|1);
901 }
902
903 /* try to execute the mailer */
904 execve(m->m_mailer, pvp, UserEnviron);
905 syserr("Cannot exec %s", m->m_mailer);
906 if (m == LocalMailer || errno == EIO || errno == EAGAIN ||
907 errno == ENOMEM || errno == EPROCLIM)
908 _exit(EX_TEMPFAIL);
909 else
910 _exit(EX_UNAVAILABLE);
911 }
912
913 /*
914 ** Set up return value.
915 */
916
917 (void) close(mpvect[0]);
918 mfile = fdopen(mpvect[1], "w");
919 if (clever)
920 {
921 (void) close(rpvect[1]);
922 rfile = fdopen(rpvect[0], "r");
923 } else
924 rfile = NULL;
925
926 *pmfile = mfile;
927 *prfile = rfile;
928
929 return (pid);
930 }
931 �/*
932 ** GIVERESPONSE -- Interpret an error response from a mailer
933 **
934 ** Parameters:
935 ** stat -- the status code from the mailer (high byte
936 ** only; core dumps must have been taken care of
937 ** already).
938 ** m -- the mailer descriptor for this mailer.
939 **
940 ** Returns:
941 ** none.
942 **
943 ** Side Effects:
944 ** Errors may be incremented.
945 ** ExitStat may be set.
946 */
947
948 giveresponse(stat, m, e)
949 int stat;
950 register MAILER *m;
951 ENVELOPE *e;
952 {
953 register char *statmsg;
954 extern char *SysExMsg[];
955 register int i;
956 extern int N_SysEx;
957 #ifdef NAMED_BIND
958 extern int h_errno;
959 #endif
960 char buf[MAXLINE];
961
962 #ifdef lint
963 if (m == NULL)
964 return;
965 #endif lint
966
967 /*
968 ** Compute status message from code.
969 */
970
971 i = stat - EX__BASE;
972 if (stat == 0)
973 statmsg = "250 Sent";
974 else if (i < 0 || i > N_SysEx)
975 {
976 (void) sprintf(buf, "554 unknown mailer error %d", stat);
977 stat = EX_UNAVAILABLE;
978 statmsg = buf;
979 }
980 else if (stat == EX_TEMPFAIL)
981 {
982 (void) strcpy(buf, SysExMsg[i]);
983 #ifdef NAMED_BIND
984 if (h_errno == TRY_AGAIN)
985 {
986 extern char *errstring();
987
988 statmsg = errstring(h_errno+MAX_ERRNO);
989 }
990 else
991 #endif
992 {
993 if (errno != 0)
994 {
995 extern char *errstring();
996
997 statmsg = errstring(errno);
998 }
999 else
1000 {
1001 #ifdef SMTP
1002 extern char SmtpError[];
1003
1004 statmsg = SmtpError;
1005 #else SMTP
1006 statmsg = NULL;
1007 #endif SMTP
1008 }
1009 }
1010 if (statmsg != NULL && statmsg[0] != '\0')
1011 {
1012 (void) strcat(buf, ": ");
1013 (void) strcat(buf, statmsg);
1014 }
1015 statmsg = buf;
1016 }
1017 else
1018 {
1019 statmsg = SysExMsg[i];
1020 }
1021
1022 /*
1023 ** Print the message as appropriate
1024 */
1025
1026 if (stat == EX_OK || stat == EX_TEMPFAIL)
1027 message(Arpa_Info, &statmsg[4]);
1028 else
1029 {
1030 Errors++;
1031 usrerr(statmsg);
1032 }
1033
1034 /*
1035 ** Final cleanup.
1036 ** Log a record of the transaction. Compute the new
1037 ** ExitStat -- if we already had an error, stick with
1038 ** that.
1039 */
1040
1041 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1042 logdelivery(&statmsg[4]);
1043
1044 if (stat != EX_TEMPFAIL)
1045 setstat(stat);
1046 if (stat != EX_OK)
1047 {
1048 if (e->e_message != NULL)
1049 free(e->e_message);
1050 e->e_message = newstr(&statmsg[4]);
1051 }
1052 errno = 0;
1053 #ifdef NAMED_BIND
1054 h_errno = 0;
1055 #endif
1056 }
1057 �/*
1058 ** LOGDELIVERY -- log the delivery in the system log
1059 **
1060 ** Parameters:
1061 ** stat -- the message to print for the status
1062 **
1063 ** Returns:
1064 ** none
1065 **
1066 ** Side Effects:
1067 ** none
1068 */
1069
1070 logdelivery(stat)
1071 char *stat;
1072 {
1073 extern char *pintvl();
1074
1075 # ifdef LOG
1076 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1077 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1078 # endif LOG
1079 }
1080 �/*
1081 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1082 **
1083 ** This can be made an arbitrary message separator by changing $l
1084 **
1085 ** One of the ugliest hacks seen by human eyes is contained herein:
1086 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1087 ** does a well-meaning programmer such as myself have to deal with
1088 ** this kind of antique garbage????
1089 **
1090 ** Parameters:
1091 ** fp -- the file to output to.
1092 ** m -- the mailer describing this entry.
1093 **
1094 ** Returns:
1095 ** none
1096 **
1097 ** Side Effects:
1098 ** outputs some text to fp.
1099 */
1100
1101 putfromline(fp, m)
1102 register FILE *fp;
1103 register MAILER *m;
1104 {
1105 char *template = "\001l\n";
1106 char buf[MAXLINE];
1107
1108 if (bitnset(M_NHDR, m->m_flags))
1109 return;
1110
1111 # ifdef UGLYUUCP
1112 if (bitnset(M_UGLYUUCP, m->m_flags))
1113 {
1114 char *bang;
1115 char xbuf[MAXLINE];
1116
1117 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv);
1118 bang = index(buf, '!');
1119 if (bang == NULL)
1120 syserr("No ! in UUCP! (%s)", buf);
1121 else
1122 {
1123 *bang++ = '\0';
1124 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1125 template = xbuf;
1126 }
1127 }
1128 # endif UGLYUUCP
1129 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1130 putline(buf, fp, m);
1131 }
1132 �/*
1133 ** PUTBODY -- put the body of a message.
1134 **
1135 ** Parameters:
1136 ** fp -- file to output onto.
1137 ** m -- a mailer descriptor to control output format.
1138 ** e -- the envelope to put out.
1139 **
1140 ** Returns:
1141 ** none.
1142 **
1143 ** Side Effects:
1144 ** The message is written onto fp.
1145 */
1146
1147 putbody(fp, m, e)
1148 FILE *fp;
1149 MAILER *m;
1150 register ENVELOPE *e;
1151 {
1152 char buf[MAXLINE];
1153
1154 /*
1155 ** Output the body of the message
1156 */
1157
1158 if (e->e_dfp == NULL)
1159 {
1160 if (e->e_df != NULL)
1161 {
1162 e->e_dfp = fopen(e->e_df, "r");
1163 if (e->e_dfp == NULL)
1164 syserr("putbody: Cannot open %s for %s from %s",
1165 e->e_df, e->e_to, e->e_from);
1166 }
1167 else
1168 putline("<<< No Message Collected >>>", fp, m);
1169 }
1170 if (e->e_dfp != NULL)
1171 {
1172 rewind(e->e_dfp);
1173 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1174 {
1175 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1176 strncmp(buf, "From ", 5) == 0)
1177 (void) putc('>', fp);
1178 putline(buf, fp, m);
1179 }
1180
1181 if (ferror(e->e_dfp))
1182 {
1183 syserr("putbody: read error");
1184 ExitStat = EX_IOERR;
1185 }
1186 }
1187
1188 (void) fflush(fp);
1189 if (ferror(fp) && errno != EPIPE)
1190 {
1191 syserr("putbody: write error");
1192 ExitStat = EX_IOERR;
1193 }
1194 errno = 0;
1195 }
1196 �/*
1197 ** MAILFILE -- Send a message to a file.
1198 **
1199 ** If the file has the setuid/setgid bits set, but NO execute
1200 ** bits, sendmail will try to become the owner of that file
1201 ** rather than the real user. Obviously, this only works if
1202 ** sendmail runs as root.
1203 **
1204 ** This could be done as a subordinate mailer, except that it
1205 ** is used implicitly to save messages in ~/dead.letter. We
1206 ** view this as being sufficiently important as to include it
1207 ** here. For example, if the system is dying, we shouldn't have
1208 ** to create another process plus some pipes to save the message.
1209 **
1210 ** Parameters:
1211 ** filename -- the name of the file to send to.
1212 ** ctladdr -- the controlling address header -- includes
1213 ** the userid/groupid to be when sending.
1214 **
1215 ** Returns:
1216 ** The exit code associated with the operation.
1217 **
1218 ** Side Effects:
1219 ** none.
1220 */
1221
1222 mailfile(filename, ctladdr)
1223 char *filename;
1224 ADDRESS *ctladdr;
1225 {
1226 register FILE *f;
1227 register int pid;
1228 ENVELOPE *e = CurEnv;
1229
1230 /*
1231 ** Fork so we can change permissions here.
1232 ** Note that we MUST use fork, not vfork, because of
1233 ** the complications of calling subroutines, etc.
1234 */
1235
1236 DOFORK(fork);
1237
1238 if (pid < 0)
1239 return (EX_OSERR);
1240 else if (pid == 0)
1241 {
1242 /* child -- actually write to file */
1243 struct stat stb;
1244
1245 (void) signal(SIGINT, SIG_DFL);
1246 (void) signal(SIGHUP, SIG_DFL);
1247 (void) signal(SIGTERM, SIG_DFL);
1248 (void) umask(OldUmask);
1249 if (stat(filename, &stb) < 0)
1250 {
1251 errno = 0;
1252 stb.st_mode = 0666;
1253 }
1254 if (bitset(0111, stb.st_mode))
1255 exit(EX_CANTCREAT);
1256 if (ctladdr == NULL)
1257 ctladdr = &e->e_from;
1258 /* we have to open the dfile BEFORE setuid */
1259 if (e->e_dfp == NULL && e->e_df != NULL)
1260 {
1261 e->e_dfp = fopen(e->e_df, "r");
1262 if (e->e_dfp == NULL) {
1263 syserr("mailfile: Cannot open %s for %s from %s",
1264 e->e_df, e->e_to, e->e_from);
1265 }
1266 }
1267
1268 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1269 {
1270 if (ctladdr->q_uid == 0) {
1271 (void) setgid(DefGid);
1272 (void) initgroups(DefUser, DefGid);
1273 } else {
1274 (void) setgid(ctladdr->q_gid);
1275 (void) initgroups(ctladdr->q_ruser?
1276 ctladdr->q_ruser: ctladdr->q_user,
1277 ctladdr->q_gid);
1278 }
1279 }
1280 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1281 {
1282 if (ctladdr->q_uid == 0)
1283 (void) setuid(DefUid);
1284 else
1285 (void) setuid(ctladdr->q_uid);
1286 }
1287 f = dfopen(filename, "a");
1288 if (f == NULL)
1289 exit(EX_CANTCREAT);
1290
1291 putfromline(f, ProgMailer);
1292 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1293 putline("\n", f, ProgMailer);
1294 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1295 putline("\n", f, ProgMailer);
1296 (void) fclose(f);
1297 (void) fflush(stdout);
1298
1299 /* reset ISUID & ISGID bits for paranoid systems */
1300 (void) chmod(filename, (int) stb.st_mode);
1301 exit(EX_OK);
1302 /*NOTREACHED*/
1303 }
1304 else
1305 {
1306 /* parent -- wait for exit status */
1307 int st;
1308
1309 st = waitfor(pid);
1310 if ((st & 0377) != 0)
1311 return (EX_UNAVAILABLE);
1312 else
1313 return ((st >> 8) & 0377);
1314 /*NOTREACHED*/
1315 }
1316 }
1317 �/*
1318 ** SENDALL -- actually send all the messages.
1319 **
1320 ** Parameters:
1321 ** e -- the envelope to send.
1322 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1323 ** the current SendMode.
1324 **
1325 ** Returns:
1326 ** none.
1327 **
1328 ** Side Effects:
1329 ** Scans the send lists and sends everything it finds.
1330 ** Delivers any appropriate error messages.
1331 ** If we are running in a non-interactive mode, takes the
1332 ** appropriate action.
1333 */
1334
1335 sendall(e, mode)
1336 ENVELOPE *e;
1337 char mode;
1338 {
1339 register ADDRESS *q;
1340 bool oldverbose;
1341 int pid;
1342 int nsent;
1343 FILE *lockfp = NULL, *queueup();
1344
1345 /* determine actual delivery mode */
1346 if (mode == SM_DEFAULT)
1347 {
1348 extern bool shouldqueue();
1349
1350 if (shouldqueue(e->e_msgpriority))
1351 mode = SM_QUEUE;
1352 else
1353 mode = SendMode;
1354 }
1355
1356 if (tTd(13, 1))
1357 {
1358 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1359 printaddr(e->e_sendqueue, TRUE);
1360 }
1361
1362 /*
1363 ** Do any preprocessing necessary for the mode we are running.
1364 ** Check to make sure the hop count is reasonable.
1365 ** Delete sends to the sender in mailing lists.
1366 */
1367
1368 CurEnv = e;
1369
1370 if (e->e_hopcount > MAXHOP)
1371 {
1372 errno = 0;
1373 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1374 e->e_hopcount, MAXHOP, e->e_from, e->e_to);
1375 return;
1376 }
1377
1378 if (!MeToo)
1379 {
1380 extern ADDRESS *recipient();
1381
1382 e->e_from.q_flags |= QDONTSEND;
1383 (void) recipient(&e->e_from, &e->e_sendqueue);
1384 }
1385
1386 # ifdef QUEUE
1387 if ((mode == SM_QUEUE || mode == SM_FORK ||
1388 (mode != SM_VERIFY && SuperSafe)) &&
1389 !bitset(EF_INQUEUE, e->e_flags))
1390 lockfp = queueup(e, TRUE, mode == SM_QUEUE);
1391 #endif QUEUE
1392
1393 oldverbose = Verbose;
1394 switch (mode)
1395 {
1396 case SM_VERIFY:
1397 Verbose = TRUE;
1398 break;
1399
1400 case SM_QUEUE:
1401 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1402 return;
1403
1404 case SM_FORK:
1405 if (e->e_xfp != NULL)
1406 (void) fflush(e->e_xfp);
1407 pid = fork();
1408 if (pid < 0)
1409 {
1410 mode = SM_DELIVER;
1411 break;
1412 }
1413 else if (pid > 0)
1414 {
1415 /* be sure we leave the temp files to our child */
1416 e->e_id = e->e_df = NULL;
1417 if (lockfp != NULL)
1418 (void) fclose(lockfp);
1419 return;
1420 }
1421
1422 /* double fork to avoid zombies */
1423 if (fork() > 0)
1424 exit(EX_OK);
1425
1426 /* be sure we are immune from the terminal */
1427 disconnect(FALSE);
1428
1429 break;
1430 }
1431
1432 /*
1433 ** Run through the list and send everything.
1434 */
1435
1436 nsent = 0;
1437 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1438 {
1439 if (mode == SM_VERIFY)
1440 {
1441 e->e_to = q->q_paddr;
1442 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1443 message(Arpa_Info, "deliverable");
1444 }
1445 else if (!bitset(QDONTSEND, q->q_flags))
1446 {
1447 /*
1448 ** Checkpoint the send list every few addresses
1449 */
1450
1451 if (nsent >= CheckpointInterval)
1452 {
1453 queueup(e, TRUE, FALSE);
1454 nsent = 0;
1455 }
1456 if (deliver(e, q) == EX_OK)
1457 nsent++;
1458 }
1459 }
1460 Verbose = oldverbose;
1461
1462 /*
1463 ** Now run through and check for errors.
1464 */
1465
1466 if (mode == SM_VERIFY) {
1467 if (lockfp != NULL)
1468 (void) fclose(lockfp);
1469 return;
1470 }
1471
1472 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1473 {
1474 register ADDRESS *qq;
1475
1476 if (tTd(13, 3))
1477 {
1478 printf("Checking ");
1479 printaddr(q, FALSE);
1480 }
1481
1482 /* only send errors if the message failed */
1483 if (!bitset(QBADADDR, q->q_flags))
1484 continue;
1485
1486 /* we have an address that failed -- find the parent */
1487 for (qq = q; qq != NULL; qq = qq->q_alias)
1488 {
1489 char obuf[MAXNAME + 6];
1490 extern char *aliaslookup();
1491
1492 /* we can only have owners for local addresses */
1493 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1494 continue;
1495
1496 /* see if the owner list exists */
1497 (void) strcpy(obuf, "owner-");
1498 if (strncmp(qq->q_user, "owner-", 6) == 0)
1499 (void) strcat(obuf, "owner");
1500 else
1501 (void) strcat(obuf, qq->q_user);
1502 makelower(obuf);
1503 if (aliaslookup(obuf) == NULL)
1504 continue;
1505
1506 if (tTd(13, 4))
1507 printf("Errors to %s\n", obuf);
1508
1509 /* owner list exists -- add it to the error queue */
1510 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1511 ErrorMode = EM_MAIL;
1512 break;
1513 }
1514
1515 /* if we did not find an owner, send to the sender */
1516 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1517 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1518 }
1519
1520 /* this removes the lock on the file */
1521 if (lockfp != NULL)
1522 (void) fclose(lockfp);
1523
1524 if (mode == SM_FORK)
1525 finis();
1526 }
1527