1 /*
2 * Copyright (c) 1983 Eric P. Allman
3 * Copyright (c) 1988 Regents of the University of California.
4 * All rights reserved.
5 *
6 * %sccs.include.redist.c%
7 */
8
9 #ifndef lint
10 static char sccsid[] = "@(#)deliver.c 5.53 (Berkeley) 01/05/92";
11 #endif /* not lint */
12
13 #include "sendmail.h"
14 #include <sys/signal.h>
15 #include <sys/stat.h>
16 #include <netdb.h>
17 #include <fcntl.h>
18 #include <errno.h>
19 #ifdef NAMED_BIND
20 #include <sys/param.h>
21 #include <arpa/nameser.h>
22 #include <resolv.h>
23 #endif
24
25 /*
26 ** DELIVER -- Deliver a message to a list of addresses.
27 **
28 ** This routine delivers to everyone on the same host as the
29 ** user on the head of the list. It is clever about mailers
30 ** that don't handle multiple users. It is NOT guaranteed
31 ** that it will deliver to all these addresses however -- so
32 ** deliver should be called once for each address on the
33 ** list.
34 **
35 ** Parameters:
36 ** e -- the envelope to deliver.
37 ** firstto -- head of the address list to deliver to.
38 **
39 ** Returns:
40 ** zero -- successfully delivered.
41 ** else -- some failure, see ExitStat for more info.
42 **
43 ** Side Effects:
44 ** The standard input is passed off to someone.
45 */
46
47 deliver(e, firstto)
48 register ENVELOPE *e;
49 ADDRESS *firstto;
50 {
51 char *host; /* host being sent to */
52 char *user; /* user being sent to */
53 char **pvp;
54 register char **mvp;
55 register char *p;
56 register MAILER *m; /* mailer for this recipient */
57 ADDRESS *ctladdr;
58 register ADDRESS *to = firstto;
59 bool clever = FALSE; /* running user smtp to this mailer */
60 ADDRESS *tochain = NULL; /* chain of users in this mailer call */
61 int rcode; /* response code */
62 char *from; /* pointer to from person */
63 char *pv[MAXPV+1];
64 char tobuf[MAXLINE-50]; /* text line of to people */
65 char buf[MAXNAME];
66 char tfrombuf[MAXNAME]; /* translated from person */
67 char rpathbuf[MAXNAME]; /* translated return path */
68 extern bool checkcompat();
69 extern ADDRESS *getctladdr();
70 extern char *remotename();
71
72 errno = 0;
73 if (bitset(QDONTSEND, to->q_flags))
74 return (0);
75
76 #ifdef NAMED_BIND
77 /* unless interactive, try twice, over a minute */
78 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) {
79 _res.retrans = 30;
80 _res.retry = 2;
81 }
82 #endif
83
84 m = to->q_mailer;
85 host = to->q_host;
86
87 if (tTd(10, 1))
88 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n",
89 m->m_mno, host, to->q_user);
90
91 /*
92 ** If this mailer is expensive, and if we don't want to make
93 ** connections now, just mark these addresses and return.
94 ** This is useful if we want to batch connections to
95 ** reduce load. This will cause the messages to be
96 ** queued up, and a daemon will come along to send the
97 ** messages later.
98 ** This should be on a per-mailer basis.
99 */
100
101 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) &&
102 !Verbose)
103 {
104 for (; to != NULL; to = to->q_next)
105 {
106 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m)
107 continue;
108 to->q_flags |= QQUEUEUP|QDONTSEND;
109 e->e_to = to->q_paddr;
110 message(Arpa_Info, "queued");
111 if (LogLevel > 4)
112 logdelivery("queued");
113 }
114 e->e_to = NULL;
115 return (0);
116 }
117
118 /*
119 ** Do initial argv setup.
120 ** Insert the mailer name. Notice that $x expansion is
121 ** NOT done on the mailer name. Then, if the mailer has
122 ** a picky -f flag, we insert it as appropriate. This
123 ** code does not check for 'pv' overflow; this places a
124 ** manifest lower limit of 4 for MAXPV.
125 ** The from address rewrite is expected to make
126 ** the address relative to the other end.
127 */
128
129 /* rewrite from address, using rewriting rules */
130 (void) strcpy(rpathbuf, remotename(e->e_returnpath, m, TRUE, TRUE));
131 if (e->e_returnpath == e->e_sender)
132 {
133 from = rpathbuf;
134 }
135 else
136 {
137 (void) strcpy(tfrombuf, remotename(e->e_sender, m, TRUE, TRUE));
138 from = tfrombuf;
139 }
140
141 define('f', e->e_returnpath, e); /* raw return path */
142 define('<', rpathbuf, e); /* translated return path */
143 define('g', from, e); /* translated sender */
144 define('h', host, e); /* to host */
145 Errors = 0;
146 pvp = pv;
147 *pvp++ = m->m_argv[0];
148
149 /* insert -f or -r flag as appropriate */
150 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags)))
151 {
152 if (bitnset(M_FOPT, m->m_flags))
153 *pvp++ = "-f";
154 else
155 *pvp++ = "-r";
156 *pvp++ = newstr(rpathbuf);
157 }
158
159 /*
160 ** Append the other fixed parts of the argv. These run
161 ** up to the first entry containing "$u". There can only
162 ** be one of these, and there are only a few more slots
163 ** in the pv after it.
164 */
165
166 for (mvp = m->m_argv; (p = *++mvp) != NULL; )
167 {
168 while ((p = index(p, '\001')) != NULL)
169 if (*++p == 'u')
170 break;
171 if (p != NULL)
172 break;
173
174 /* this entry is safe -- go ahead and process it */
175 expand(*mvp, buf, &buf[sizeof buf - 1], e);
176 *pvp++ = newstr(buf);
177 if (pvp >= &pv[MAXPV - 3])
178 {
179 syserr("Too many parameters to %s before $u", pv[0]);
180 return (-1);
181 }
182 }
183
184 /*
185 ** If we have no substitution for the user name in the argument
186 ** list, we know that we must supply the names otherwise -- and
187 ** SMTP is the answer!!
188 */
189
190 if (*mvp == NULL)
191 {
192 /* running SMTP */
193 # ifdef SMTP
194 clever = TRUE;
195 *pvp = NULL;
196 # else SMTP
197 /* oops! we don't implement SMTP */
198 syserr("SMTP style mailer");
199 return (EX_SOFTWARE);
200 # endif SMTP
201 }
202
203 /*
204 ** At this point *mvp points to the argument with $u. We
205 ** run through our address list and append all the addresses
206 ** we can. If we run out of space, do not fret! We can
207 ** always send another copy later.
208 */
209
210 tobuf[0] = '\0';
211 e->e_to = tobuf;
212 ctladdr = NULL;
213 for (; to != NULL; to = to->q_next)
214 {
215 /* avoid sending multiple recipients to dumb mailers */
216 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags))
217 break;
218
219 /* if already sent or not for this host, don't send */
220 if (bitset(QDONTSEND, to->q_flags) ||
221 strcmp(to->q_host, host) != 0 ||
222 to->q_mailer != firstto->q_mailer)
223 continue;
224
225 /* avoid overflowing tobuf */
226 if (sizeof tobuf < (strlen(to->q_paddr) + strlen(tobuf) + 2))
227 break;
228
229 if (tTd(10, 1))
230 {
231 printf("\nsend to ");
232 printaddr(to, FALSE);
233 }
234
235 /* compute effective uid/gid when sending */
236 if (to->q_mailer == ProgMailer)
237 ctladdr = getctladdr(to);
238
239 user = to->q_user;
240 e->e_to = to->q_paddr;
241 to->q_flags |= QDONTSEND;
242
243 /*
244 ** Check to see that these people are allowed to
245 ** talk to each other.
246 */
247
248 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize)
249 {
250 NoReturn = TRUE;
251 usrerr("Message is too large; %ld bytes max", m->m_maxsize);
252 giveresponse(EX_UNAVAILABLE, m, e);
253 continue;
254 }
255 if (!checkcompat(to))
256 {
257 giveresponse(EX_UNAVAILABLE, m, e);
258 continue;
259 }
260
261 /*
262 ** Strip quote bits from names if the mailer is dumb
263 ** about them.
264 */
265
266 if (bitnset(M_STRIPQ, m->m_flags))
267 {
268 stripquotes(user, TRUE);
269 stripquotes(host, TRUE);
270 }
271 else
272 {
273 stripquotes(user, FALSE);
274 stripquotes(host, FALSE);
275 }
276
277 /* hack attack -- delivermail compatibility */
278 if (m == ProgMailer && *user == '|')
279 user++;
280
281 /*
282 ** If an error message has already been given, don't
283 ** bother to send to this address.
284 **
285 ** >>>>>>>>>> This clause assumes that the local mailer
286 ** >> NOTE >> cannot do any further aliasing; that
287 ** >>>>>>>>>> function is subsumed by sendmail.
288 */
289
290 if (bitset(QBADADDR|QQUEUEUP, to->q_flags))
291 continue;
292
293 /* save statistics.... */
294 markstats(e, to);
295
296 /*
297 ** See if this user name is "special".
298 ** If the user name has a slash in it, assume that this
299 ** is a file -- send it off without further ado. Note
300 ** that this type of addresses is not processed along
301 ** with the others, so we fudge on the To person.
302 */
303
304 if (m == LocalMailer)
305 {
306 if (user[0] == '/')
307 {
308 rcode = mailfile(user, getctladdr(to));
309 giveresponse(rcode, m, e);
310 if (rcode == EX_OK)
311 to->q_flags |= QSENT;
312 continue;
313 }
314 }
315
316 /*
317 ** Address is verified -- add this user to mailer
318 ** argv, and add it to the print list of recipients.
319 */
320
321 /* link together the chain of recipients */
322 to->q_tchain = tochain;
323 tochain = to;
324
325 /* create list of users for error messages */
326 (void) strcat(tobuf, ",");
327 (void) strcat(tobuf, to->q_paddr);
328 define('u', user, e); /* to user */
329 define('z', to->q_home, e); /* user's home */
330
331 /*
332 ** Expand out this user into argument list.
333 */
334
335 if (!clever)
336 {
337 expand(*mvp, buf, &buf[sizeof buf - 1], e);
338 *pvp++ = newstr(buf);
339 if (pvp >= &pv[MAXPV - 2])
340 {
341 /* allow some space for trailing parms */
342 break;
343 }
344 }
345 }
346
347 /* see if any addresses still exist */
348 if (tobuf[0] == '\0')
349 {
350 define('g', (char *) NULL, e);
351 define('<', (char *) NULL, e);
352 return (0);
353 }
354
355 /* print out messages as full list */
356 e->e_to = tobuf + 1;
357
358 /*
359 ** Fill out any parameters after the $u parameter.
360 */
361
362 while (!clever && *++mvp != NULL)
363 {
364 expand(*mvp, buf, &buf[sizeof buf - 1], e);
365 *pvp++ = newstr(buf);
366 if (pvp >= &pv[MAXPV])
367 syserr("deliver: pv overflow after $u for %s", pv[0]);
368 }
369 *pvp++ = NULL;
370
371 /*
372 ** Call the mailer.
373 ** The argument vector gets built, pipes
374 ** are created as necessary, and we fork & exec as
375 ** appropriate.
376 ** If we are running SMTP, we just need to clean up.
377 */
378
379 if (ctladdr == NULL)
380 ctladdr = &e->e_from;
381 #ifdef NAMED_BIND
382 if (ConfigLevel < 2)
383 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
384 #endif
385 #ifdef SMTP
386 if (clever)
387 {
388 rcode = EX_OK;
389 #ifdef NAMED_BIND
390 if (host[0] && host[0] != '[')
391 {
392 expand("\001j", buf, &buf[sizeof(buf) - 1], e);
393 Nmx = getmxrr(host, MxHosts, buf, &rcode);
394 }
395 else
396 #endif
397 {
398 Nmx = 1;
399 MxHosts[0] = host;
400 }
401 if (Nmx >= 0)
402 {
403 message(Arpa_Info, "Connecting to %s (%s)...",
404 MxHosts[0], m->m_name);
405 if ((rcode = smtpinit(m, pv)) == EX_OK) {
406 register char *t = tobuf;
407 register int i;
408
409 /* send the recipient list */
410 tobuf[0] = '\0';
411 for (to = tochain; to; to = to->q_tchain) {
412 e->e_to = to->q_paddr;
413 if ((i = smtprcpt(to, m)) != EX_OK) {
414 markfailure(e, to, i);
415 giveresponse(i, m, e);
416 }
417 else {
418 *t++ = ',';
419 for (p = to->q_paddr; *p; *t++ = *p++);
420 }
421 }
422
423 /* now send the data */
424 if (tobuf[0] == '\0')
425 e->e_to = NULL;
426 else {
427 e->e_to = tobuf + 1;
428 rcode = smtpdata(m, e);
429 }
430
431 /* now close the connection */
432 smtpquit(m);
433 }
434 }
435 }
436 else
437 #endif /* SMTP */
438 {
439 static int sendoff();
440
441 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name);
442 rcode = sendoff(e, m, pv, ctladdr);
443 }
444 #ifdef NAMED_BIND
445 if (ConfigLevel < 2)
446 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
447 #endif
448
449 /*
450 ** Do final status disposal.
451 ** We check for something in tobuf for the SMTP case.
452 ** If we got a temporary failure, arrange to queue the
453 ** addressees.
454 */
455
456 if (tobuf[0] != '\0')
457 giveresponse(rcode, m, e);
458 for (to = tochain; to != NULL; to = to->q_tchain)
459 if (rcode != EX_OK)
460 markfailure(e, to, rcode);
461 else
462 to->q_flags |= QSENT;
463
464 errno = 0;
465 define('g', (char *) NULL, e);
466 define('<', (char *) NULL, e);
467 return (rcode);
468 }
469 �/*
470 ** MARKFAILURE -- mark a failure on a specific address.
471 **
472 ** Parameters:
473 ** e -- the envelope we are sending.
474 ** q -- the address to mark.
475 ** rcode -- the code signifying the particular failure.
476 **
477 ** Returns:
478 ** none.
479 **
480 ** Side Effects:
481 ** marks the address (and possibly the envelope) with the
482 ** failure so that an error will be returned or
483 ** the message will be queued, as appropriate.
484 */
485
486 markfailure(e, q, rcode)
487 register ENVELOPE *e;
488 register ADDRESS *q;
489 int rcode;
490 {
491 if (rcode == EX_OK)
492 return;
493 else if (rcode != EX_TEMPFAIL && rcode != EX_IOERR && rcode != EX_OSERR)
494 q->q_flags |= QBADADDR;
495 else if (curtime() > e->e_ctime + TimeOut)
496 {
497 extern char *pintvl();
498 char buf[MAXLINE];
499
500 if (!bitset(EF_TIMEOUT, e->e_flags))
501 {
502 (void) sprintf(buf, "Cannot send message for %s",
503 pintvl(TimeOut, FALSE));
504 if (e->e_message != NULL)
505 free(e->e_message);
506 e->e_message = newstr(buf);
507 message(Arpa_Info, buf);
508 }
509 q->q_flags |= QBADADDR;
510 e->e_flags |= EF_TIMEOUT;
511 }
512 else
513 q->q_flags |= QQUEUEUP;
514 }
515 �/*
516 ** DOFORK -- do a fork, retrying a couple of times on failure.
517 **
518 ** This MUST be a macro, since after a vfork we are running
519 ** two processes on the same stack!!!
520 **
521 ** Parameters:
522 ** none.
523 **
524 ** Returns:
525 ** From a macro??? You've got to be kidding!
526 **
527 ** Side Effects:
528 ** Modifies the ==> LOCAL <== variable 'pid', leaving:
529 ** pid of child in parent, zero in child.
530 ** -1 on unrecoverable error.
531 **
532 ** Notes:
533 ** I'm awfully sorry this looks so awful. That's
534 ** vfork for you.....
535 */
536
537 # define NFORKTRIES 5
538
539 # ifndef FORK
540 # define FORK fork
541 # endif
542
543 # define DOFORK(fORKfN) \
544 {\
545 register int i;\
546 \
547 for (i = NFORKTRIES; --i >= 0; )\
548 {\
549 pid = fORKfN();\
550 if (pid >= 0)\
551 break;\
552 if (i > 0)\
553 sleep((unsigned) NFORKTRIES - i);\
554 }\
555 }
556 �/*
557 ** DOFORK -- simple fork interface to DOFORK.
558 **
559 ** Parameters:
560 ** none.
561 **
562 ** Returns:
563 ** pid of child in parent.
564 ** zero in child.
565 ** -1 on error.
566 **
567 ** Side Effects:
568 ** returns twice, once in parent and once in child.
569 */
570
571 dofork()
572 {
573 register int pid;
574
575 DOFORK(fork);
576 return (pid);
577 }
578 �/*
579 ** SENDOFF -- send off call to mailer & collect response.
580 **
581 ** Parameters:
582 ** e -- the envelope to mail.
583 ** m -- mailer descriptor.
584 ** pvp -- parameter vector to send to it.
585 ** ctladdr -- an address pointer controlling the
586 ** user/groupid etc. of the mailer.
587 **
588 ** Returns:
589 ** exit status of mailer.
590 **
591 ** Side Effects:
592 ** none.
593 */
594 static
595 sendoff(e, m, pvp, ctladdr)
596 register ENVELOPE *e;
597 MAILER *m;
598 char **pvp;
599 ADDRESS *ctladdr;
600 {
601 auto FILE *mfile;
602 auto FILE *rfile;
603 register int i;
604 int pid;
605
606 /*
607 ** Create connection to mailer.
608 */
609
610 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile);
611 if (pid < 0)
612 return (-1);
613
614 /*
615 ** Format and send message.
616 */
617
618 putfromline(mfile, m);
619 (*e->e_puthdr)(mfile, m, e);
620 putline("\n", mfile, m);
621 (*e->e_putbody)(mfile, m, e);
622 (void) fclose(mfile);
623 if (rfile != NULL)
624 (void) fclose(rfile);
625
626 i = endmailer(pid, pvp[0]);
627
628 /* arrange a return receipt if requested */
629 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags))
630 {
631 e->e_flags |= EF_SENDRECEIPT;
632 /* do we want to send back more info? */
633 }
634
635 return (i);
636 }
637 �/*
638 ** ENDMAILER -- Wait for mailer to terminate.
639 **
640 ** We should never get fatal errors (e.g., segmentation
641 ** violation), so we report those specially. For other
642 ** errors, we choose a status message (into statmsg),
643 ** and if it represents an error, we print it.
644 **
645 ** Parameters:
646 ** pid -- pid of mailer.
647 ** name -- name of mailer (for error messages).
648 **
649 ** Returns:
650 ** exit code of mailer.
651 **
652 ** Side Effects:
653 ** none.
654 */
655
656 endmailer(pid, name)
657 int pid;
658 char *name;
659 {
660 int st;
661
662 /* in the IPC case there is nothing to wait for */
663 if (pid == 0)
664 return (EX_OK);
665
666 /* wait for the mailer process to die and collect status */
667 st = waitfor(pid);
668 if (st == -1)
669 {
670 syserr("endmailer %s: wait", name);
671 return (EX_SOFTWARE);
672 }
673
674 /* see if it died a horrid death */
675 if ((st & 0377) != 0)
676 {
677 syserr("mailer %s died with signal %o", name, st);
678 ExitStat = EX_TEMPFAIL;
679 return (EX_TEMPFAIL);
680 }
681
682 /* normal death -- return status */
683 st = (st >> 8) & 0377;
684 return (st);
685 }
686 �/*
687 ** OPENMAILER -- open connection to mailer.
688 **
689 ** Parameters:
690 ** m -- mailer descriptor.
691 ** pvp -- parameter vector to pass to mailer.
692 ** ctladdr -- controlling address for user.
693 ** clever -- create a full duplex connection.
694 ** pmfile -- pointer to mfile (to mailer) connection.
695 ** prfile -- pointer to rfile (from mailer) connection.
696 **
697 ** Returns:
698 ** pid of mailer ( > 0 ).
699 ** -1 on error.
700 ** zero on an IPC connection.
701 **
702 ** Side Effects:
703 ** creates a mailer in a subprocess.
704 */
705
706 openmailer(m, pvp, ctladdr, clever, pmfile, prfile)
707 MAILER *m;
708 char **pvp;
709 ADDRESS *ctladdr;
710 bool clever;
711 FILE **pmfile;
712 FILE **prfile;
713 {
714 int pid;
715 int mpvect[2];
716 int rpvect[2];
717 FILE *mfile = NULL;
718 FILE *rfile = NULL;
719 extern FILE *fdopen();
720
721 if (tTd(11, 1))
722 {
723 printf("openmailer:");
724 printav(pvp);
725 }
726 errno = 0;
727
728 CurHostName = m->m_mailer;
729
730 /*
731 ** Deal with the special case of mail handled through an IPC
732 ** connection.
733 ** In this case we don't actually fork. We must be
734 ** running SMTP for this to work. We will return a
735 ** zero pid to indicate that we are running IPC.
736 ** We also handle a debug version that just talks to stdin/out.
737 */
738
739 /* check for Local Person Communication -- not for mortals!!! */
740 if (strcmp(m->m_mailer, "[LPC]") == 0)
741 {
742 *pmfile = stdout;
743 *prfile = stdin;
744 return (0);
745 }
746
747 if (strcmp(m->m_mailer, "[IPC]") == 0 ||
748 strcmp(m->m_mailer, "[TCP]") == 0)
749 {
750 #ifdef DAEMON
751 register STAB *st;
752 extern STAB *stab();
753 register int i, j;
754 register u_short port;
755
756 CurHostName = pvp[1];
757 if (!clever)
758 syserr("non-clever IPC");
759 if (pvp[2] != NULL)
760 port = atoi(pvp[2]);
761 else
762 port = 0;
763 for (j = 0; j < Nmx; j++)
764 {
765 CurHostName = MxHosts[j];
766 /* see if we already know that this host is fried */
767 st = stab(MxHosts[j], ST_HOST, ST_FIND);
768 if (st == NULL || st->s_host.ho_exitstat == EX_OK)
769 {
770 message(Arpa_Info, "Connecting to %s (%s)...",
771 MxHosts[j], m->m_name);
772 i = makeconnection(MxHosts[j], port,
773 pmfile, prfile,
774 bitnset(M_SECURE_PORT, m->m_flags));
775 }
776 else
777 {
778 i = st->s_host.ho_exitstat;
779 errno = st->s_host.ho_errno;
780 }
781 if (i != EX_OK)
782 {
783 /* enter status of this host */
784 if (st == NULL)
785 st = stab(MxHosts[j], ST_HOST, ST_ENTER);
786 st->s_host.ho_exitstat = i;
787 st->s_host.ho_errno = errno;
788 ExitStat = i;
789 continue;
790 }
791 else
792 return (0);
793 }
794 return (-1);
795 #else DAEMON
796 syserr("openmailer: no IPC");
797 return (-1);
798 #endif DAEMON
799 }
800
801 /* create a pipe to shove the mail through */
802 if (pipe(mpvect) < 0)
803 {
804 syserr("openmailer: pipe (to mailer)");
805 return (-1);
806 }
807
808 #ifdef SMTP
809 /* if this mailer speaks smtp, create a return pipe */
810 if (clever && pipe(rpvect) < 0)
811 {
812 syserr("openmailer: pipe (from mailer)");
813 (void) close(mpvect[0]);
814 (void) close(mpvect[1]);
815 return (-1);
816 }
817 #endif SMTP
818
819 /*
820 ** Actually fork the mailer process.
821 ** DOFORK is clever about retrying.
822 **
823 ** Dispose of SIGCHLD signal catchers that may be laying
824 ** around so that endmail will get it.
825 */
826
827 if (CurEnv->e_xfp != NULL)
828 (void) fflush(CurEnv->e_xfp); /* for debugging */
829 (void) fflush(stdout);
830 # ifdef SIGCHLD
831 (void) signal(SIGCHLD, SIG_DFL);
832 # endif SIGCHLD
833 DOFORK(FORK);
834 /* pid is set by DOFORK */
835 if (pid < 0)
836 {
837 /* failure */
838 syserr("openmailer: cannot fork");
839 (void) close(mpvect[0]);
840 (void) close(mpvect[1]);
841 #ifdef SMTP
842 if (clever)
843 {
844 (void) close(rpvect[0]);
845 (void) close(rpvect[1]);
846 }
847 #endif SMTP
848 return (-1);
849 }
850 else if (pid == 0)
851 {
852 int i;
853 extern int DtableSize;
854
855 /* child -- set up input & exec mailer */
856 /* make diagnostic output be standard output */
857 (void) signal(SIGINT, SIG_IGN);
858 (void) signal(SIGHUP, SIG_IGN);
859 (void) signal(SIGTERM, SIG_DFL);
860
861 /* arrange to filter standard & diag output of command */
862 if (clever)
863 {
864 (void) close(rpvect[0]);
865 (void) close(1);
866 (void) dup(rpvect[1]);
867 (void) close(rpvect[1]);
868 }
869 else if (OpMode == MD_SMTP || HoldErrs)
870 {
871 /* put mailer output in transcript */
872 (void) close(1);
873 (void) dup(fileno(CurEnv->e_xfp));
874 }
875 (void) close(2);
876 (void) dup(1);
877
878 /* arrange to get standard input */
879 (void) close(mpvect[1]);
880 (void) close(0);
881 if (dup(mpvect[0]) < 0)
882 {
883 syserr("Cannot dup to zero!");
884 _exit(EX_OSERR);
885 }
886 (void) close(mpvect[0]);
887 if (!bitnset(M_RESTR, m->m_flags))
888 {
889 if (ctladdr == NULL || ctladdr->q_uid == 0)
890 {
891 (void) setgid(DefGid);
892 (void) initgroups(DefUser, DefGid);
893 (void) setuid(DefUid);
894 }
895 else
896 {
897 (void) setgid(ctladdr->q_gid);
898 (void) initgroups(ctladdr->q_ruser?
899 ctladdr->q_ruser: ctladdr->q_user,
900 ctladdr->q_gid);
901 (void) setuid(ctladdr->q_uid);
902 }
903 }
904
905 /* arrange for all the files to be closed */
906 for (i = 3; i < DtableSize; i++) {
907 register int j;
908 if ((j = fcntl(i, F_GETFD, 0)) != -1)
909 (void)fcntl(i, F_SETFD, j|1);
910 }
911
912 /* try to execute the mailer */
913 execve(m->m_mailer, pvp, UserEnviron);
914 syserr("Cannot exec %s", m->m_mailer);
915 if (m == LocalMailer)
916 _exit(EX_TEMPFAIL);
917 switch (errno)
918 {
919 case EIO:
920 case EAGAIN:
921 case ENOMEM:
922 # ifdef EPROCLIM
923 case EPROCLIM:
924 # endif
925 _exit(EX_TEMPFAIL);
926 }
927 _exit(EX_UNAVAILABLE);
928 }
929
930 /*
931 ** Set up return value.
932 */
933
934 (void) close(mpvect[0]);
935 mfile = fdopen(mpvect[1], "w");
936 if (clever)
937 {
938 (void) close(rpvect[1]);
939 rfile = fdopen(rpvect[0], "r");
940 } else
941 rfile = NULL;
942
943 *pmfile = mfile;
944 *prfile = rfile;
945
946 return (pid);
947 }
948 �/*
949 ** GIVERESPONSE -- Interpret an error response from a mailer
950 **
951 ** Parameters:
952 ** stat -- the status code from the mailer (high byte
953 ** only; core dumps must have been taken care of
954 ** already).
955 ** m -- the mailer descriptor for this mailer.
956 **
957 ** Returns:
958 ** none.
959 **
960 ** Side Effects:
961 ** Errors may be incremented.
962 ** ExitStat may be set.
963 */
964
965 giveresponse(stat, m, e)
966 int stat;
967 register MAILER *m;
968 ENVELOPE *e;
969 {
970 register char *statmsg;
971 extern char *SysExMsg[];
972 register int i;
973 extern int N_SysEx;
974 #ifdef NAMED_BIND
975 extern int h_errno;
976 #endif
977 char buf[MAXLINE];
978
979 #ifdef lint
980 if (m == NULL)
981 return;
982 #endif lint
983
984 /*
985 ** Compute status message from code.
986 */
987
988 i = stat - EX__BASE;
989 if (stat == 0)
990 statmsg = "250 Sent";
991 else if (i < 0 || i > N_SysEx)
992 {
993 (void) sprintf(buf, "554 unknown mailer error %d", stat);
994 stat = EX_UNAVAILABLE;
995 statmsg = buf;
996 }
997 else if (stat == EX_TEMPFAIL)
998 {
999 (void) strcpy(buf, SysExMsg[i]);
1000 #ifdef NAMED_BIND
1001 if (h_errno == TRY_AGAIN)
1002 {
1003 extern char *errstring();
1004
1005 statmsg = errstring(h_errno+MAX_ERRNO);
1006 }
1007 else
1008 #endif
1009 {
1010 if (errno != 0)
1011 {
1012 extern char *errstring();
1013
1014 statmsg = errstring(errno);
1015 }
1016 else
1017 {
1018 #ifdef SMTP
1019 extern char SmtpError[];
1020
1021 statmsg = SmtpError;
1022 #else SMTP
1023 statmsg = NULL;
1024 #endif SMTP
1025 }
1026 }
1027 if (statmsg != NULL && statmsg[0] != '\0')
1028 {
1029 (void) strcat(buf, ": ");
1030 (void) strcat(buf, statmsg);
1031 }
1032 statmsg = buf;
1033 }
1034 else
1035 {
1036 statmsg = SysExMsg[i];
1037 }
1038
1039 /*
1040 ** Print the message as appropriate
1041 */
1042
1043 if (stat == EX_OK || stat == EX_TEMPFAIL)
1044 message(Arpa_Info, &statmsg[4]);
1045 else
1046 {
1047 Errors++;
1048 usrerr(statmsg);
1049 }
1050
1051 /*
1052 ** Final cleanup.
1053 ** Log a record of the transaction. Compute the new
1054 ** ExitStat -- if we already had an error, stick with
1055 ** that.
1056 */
1057
1058 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2))
1059 logdelivery(&statmsg[4]);
1060
1061 if (stat != EX_TEMPFAIL)
1062 setstat(stat);
1063 if (stat != EX_OK)
1064 {
1065 if (e->e_message != NULL)
1066 free(e->e_message);
1067 e->e_message = newstr(&statmsg[4]);
1068 }
1069 errno = 0;
1070 #ifdef NAMED_BIND
1071 h_errno = 0;
1072 #endif
1073 }
1074 �/*
1075 ** LOGDELIVERY -- log the delivery in the system log
1076 **
1077 ** Parameters:
1078 ** stat -- the message to print for the status
1079 **
1080 ** Returns:
1081 ** none
1082 **
1083 ** Side Effects:
1084 ** none
1085 */
1086
1087 logdelivery(stat)
1088 char *stat;
1089 {
1090 extern char *pintvl();
1091
1092 # ifdef LOG
1093 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id,
1094 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat);
1095 # endif LOG
1096 }
1097 �/*
1098 ** PUTFROMLINE -- output a UNIX-style from line (or whatever)
1099 **
1100 ** This can be made an arbitrary message separator by changing $l
1101 **
1102 ** One of the ugliest hacks seen by human eyes is contained herein:
1103 ** UUCP wants those stupid "remote from <host>" lines. Why oh why
1104 ** does a well-meaning programmer such as myself have to deal with
1105 ** this kind of antique garbage????
1106 **
1107 ** Parameters:
1108 ** fp -- the file to output to.
1109 ** m -- the mailer describing this entry.
1110 **
1111 ** Returns:
1112 ** none
1113 **
1114 ** Side Effects:
1115 ** outputs some text to fp.
1116 */
1117
1118 putfromline(fp, m)
1119 register FILE *fp;
1120 register MAILER *m;
1121 {
1122 char *template = "\001l\n";
1123 char buf[MAXLINE];
1124
1125 if (bitnset(M_NHDR, m->m_flags))
1126 return;
1127
1128 # ifdef UGLYUUCP
1129 if (bitnset(M_UGLYUUCP, m->m_flags))
1130 {
1131 char *bang;
1132 char xbuf[MAXLINE];
1133
1134 expand("\001<", buf, &buf[sizeof buf - 1], CurEnv);
1135 bang = index(buf, '!');
1136 if (bang == NULL)
1137 syserr("No ! in UUCP! (%s)", buf);
1138 else
1139 {
1140 *bang++ = '\0';
1141 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf);
1142 template = xbuf;
1143 }
1144 }
1145 # endif UGLYUUCP
1146 expand(template, buf, &buf[sizeof buf - 1], CurEnv);
1147 putline(buf, fp, m);
1148 }
1149 �/*
1150 ** PUTBODY -- put the body of a message.
1151 **
1152 ** Parameters:
1153 ** fp -- file to output onto.
1154 ** m -- a mailer descriptor to control output format.
1155 ** e -- the envelope to put out.
1156 **
1157 ** Returns:
1158 ** none.
1159 **
1160 ** Side Effects:
1161 ** The message is written onto fp.
1162 */
1163
1164 putbody(fp, m, e)
1165 FILE *fp;
1166 MAILER *m;
1167 register ENVELOPE *e;
1168 {
1169 char buf[MAXLINE];
1170
1171 /*
1172 ** Output the body of the message
1173 */
1174
1175 if (e->e_dfp == NULL)
1176 {
1177 if (e->e_df != NULL)
1178 {
1179 e->e_dfp = fopen(e->e_df, "r");
1180 if (e->e_dfp == NULL)
1181 syserr("putbody: Cannot open %s for %s from %s",
1182 e->e_df, e->e_to, e->e_from);
1183 }
1184 else
1185 putline("<<< No Message Collected >>>", fp, m);
1186 }
1187 if (e->e_dfp != NULL)
1188 {
1189 rewind(e->e_dfp);
1190 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL)
1191 {
1192 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) &&
1193 strncmp(buf, "From ", 5) == 0)
1194 (void) putc('>', fp);
1195 putline(buf, fp, m);
1196 }
1197
1198 if (ferror(e->e_dfp))
1199 {
1200 syserr("putbody: read error");
1201 ExitStat = EX_IOERR;
1202 }
1203 }
1204
1205 (void) fflush(fp);
1206 if (ferror(fp) && errno != EPIPE)
1207 {
1208 syserr("putbody: write error");
1209 ExitStat = EX_IOERR;
1210 }
1211 errno = 0;
1212 }
1213 �/*
1214 ** MAILFILE -- Send a message to a file.
1215 **
1216 ** If the file has the setuid/setgid bits set, but NO execute
1217 ** bits, sendmail will try to become the owner of that file
1218 ** rather than the real user. Obviously, this only works if
1219 ** sendmail runs as root.
1220 **
1221 ** This could be done as a subordinate mailer, except that it
1222 ** is used implicitly to save messages in ~/dead.letter. We
1223 ** view this as being sufficiently important as to include it
1224 ** here. For example, if the system is dying, we shouldn't have
1225 ** to create another process plus some pipes to save the message.
1226 **
1227 ** Parameters:
1228 ** filename -- the name of the file to send to.
1229 ** ctladdr -- the controlling address header -- includes
1230 ** the userid/groupid to be when sending.
1231 **
1232 ** Returns:
1233 ** The exit code associated with the operation.
1234 **
1235 ** Side Effects:
1236 ** none.
1237 */
1238
1239 mailfile(filename, ctladdr)
1240 char *filename;
1241 ADDRESS *ctladdr;
1242 {
1243 register FILE *f;
1244 register int pid;
1245 ENVELOPE *e = CurEnv;
1246
1247 /*
1248 ** Fork so we can change permissions here.
1249 ** Note that we MUST use fork, not vfork, because of
1250 ** the complications of calling subroutines, etc.
1251 */
1252
1253 DOFORK(fork);
1254
1255 if (pid < 0)
1256 return (EX_OSERR);
1257 else if (pid == 0)
1258 {
1259 /* child -- actually write to file */
1260 struct stat stb;
1261
1262 (void) signal(SIGINT, SIG_DFL);
1263 (void) signal(SIGHUP, SIG_DFL);
1264 (void) signal(SIGTERM, SIG_DFL);
1265 (void) umask(OldUmask);
1266 if (stat(filename, &stb) < 0)
1267 {
1268 errno = 0;
1269 stb.st_mode = 0666;
1270 }
1271 if (bitset(0111, stb.st_mode))
1272 exit(EX_CANTCREAT);
1273 if (ctladdr == NULL)
1274 ctladdr = &e->e_from;
1275 /* we have to open the dfile BEFORE setuid */
1276 if (e->e_dfp == NULL && e->e_df != NULL)
1277 {
1278 e->e_dfp = fopen(e->e_df, "r");
1279 if (e->e_dfp == NULL) {
1280 syserr("mailfile: Cannot open %s for %s from %s",
1281 e->e_df, e->e_to, e->e_from);
1282 }
1283 }
1284
1285 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0)
1286 {
1287 if (ctladdr->q_uid == 0) {
1288 (void) setgid(DefGid);
1289 (void) initgroups(DefUser, DefGid);
1290 } else {
1291 (void) setgid(ctladdr->q_gid);
1292 (void) initgroups(ctladdr->q_ruser?
1293 ctladdr->q_ruser: ctladdr->q_user,
1294 ctladdr->q_gid);
1295 }
1296 }
1297 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0)
1298 {
1299 if (ctladdr->q_uid == 0)
1300 (void) setuid(DefUid);
1301 else
1302 (void) setuid(ctladdr->q_uid);
1303 }
1304 f = dfopen(filename, "a");
1305 if (f == NULL)
1306 exit(EX_CANTCREAT);
1307
1308 putfromline(f, ProgMailer);
1309 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv);
1310 putline("\n", f, ProgMailer);
1311 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv);
1312 putline("\n", f, ProgMailer);
1313 (void) fclose(f);
1314 (void) fflush(stdout);
1315
1316 /* reset ISUID & ISGID bits for paranoid systems */
1317 (void) chmod(filename, (int) stb.st_mode);
1318 exit(EX_OK);
1319 /*NOTREACHED*/
1320 }
1321 else
1322 {
1323 /* parent -- wait for exit status */
1324 int st;
1325
1326 st = waitfor(pid);
1327 if ((st & 0377) != 0)
1328 return (EX_UNAVAILABLE);
1329 else
1330 return ((st >> 8) & 0377);
1331 /*NOTREACHED*/
1332 }
1333 }
1334 �/*
1335 ** SENDALL -- actually send all the messages.
1336 **
1337 ** Parameters:
1338 ** e -- the envelope to send.
1339 ** mode -- the delivery mode to use. If SM_DEFAULT, use
1340 ** the current SendMode.
1341 **
1342 ** Returns:
1343 ** none.
1344 **
1345 ** Side Effects:
1346 ** Scans the send lists and sends everything it finds.
1347 ** Delivers any appropriate error messages.
1348 ** If we are running in a non-interactive mode, takes the
1349 ** appropriate action.
1350 */
1351
1352 sendall(e, mode)
1353 ENVELOPE *e;
1354 char mode;
1355 {
1356 register ADDRESS *q;
1357 bool oldverbose;
1358 int pid;
1359 int nsent;
1360 # ifdef LOCKF
1361 struct flock lfd;
1362 # endif
1363
1364 /* determine actual delivery mode */
1365 if (mode == SM_DEFAULT)
1366 {
1367 extern bool shouldqueue();
1368
1369 if (shouldqueue(e->e_msgpriority))
1370 mode = SM_QUEUE;
1371 else
1372 mode = SendMode;
1373 }
1374
1375 if (tTd(13, 1))
1376 {
1377 printf("\nSENDALL: mode %c, sendqueue:\n", mode);
1378 printaddr(e->e_sendqueue, TRUE);
1379 }
1380
1381 /*
1382 ** Do any preprocessing necessary for the mode we are running.
1383 ** Check to make sure the hop count is reasonable.
1384 ** Delete sends to the sender in mailing lists.
1385 */
1386
1387 CurEnv = e;
1388
1389 if (e->e_hopcount > MaxHopCount)
1390 {
1391 errno = 0;
1392 syserr("sendall: too many hops %d (%d max): from %s, to %s",
1393 e->e_hopcount, MaxHopCount, e->e_from, e->e_to);
1394 return;
1395 }
1396
1397 if (!MeToo)
1398 {
1399 extern ADDRESS *recipient();
1400
1401 e->e_from.q_flags |= QDONTSEND;
1402 (void) recipient(&e->e_from, &e->e_sendqueue);
1403 }
1404
1405 # ifdef QUEUE
1406 if ((mode == SM_QUEUE || mode == SM_FORK ||
1407 (mode != SM_VERIFY && SuperSafe)) &&
1408 !bitset(EF_INQUEUE, e->e_flags))
1409 queueup(e, TRUE, mode == SM_QUEUE);
1410 #endif QUEUE
1411
1412 oldverbose = Verbose;
1413 switch (mode)
1414 {
1415 case SM_VERIFY:
1416 Verbose = TRUE;
1417 break;
1418
1419 case SM_QUEUE:
1420 queueonly:
1421 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE;
1422 return;
1423
1424 case SM_FORK:
1425 if (e->e_xfp != NULL)
1426 (void) fflush(e->e_xfp);
1427
1428 # ifdef LOCKF
1429 /*
1430 ** Since lockf has the interesting semantic that the
1431 ** lock is lost when we fork, we have to risk losing
1432 ** the lock here by closing before the fork, and then
1433 ** trying to get it back in the child.
1434 */
1435
1436 if (e->e_lockfp != NULL)
1437 {
1438 (void) fclose(e->e_lockfp);
1439 e->e_lockfp = NULL;
1440 }
1441 # endif /* LOCKF */
1442
1443 pid = fork();
1444 if (pid < 0)
1445 {
1446 goto queueonly;
1447 }
1448 else if (pid > 0)
1449 {
1450 /* be sure we leave the temp files to our child */
1451 e->e_id = e->e_df = NULL;
1452 # ifndef LOCKF
1453 if (e->e_lockfp != NULL)
1454 (void) fclose(e->e_lockfp);
1455 # endif
1456 return;
1457 }
1458
1459 /* double fork to avoid zombies */
1460 if (fork() > 0)
1461 exit(EX_OK);
1462
1463 /* be sure we are immune from the terminal */
1464 disconnect(FALSE);
1465
1466 # ifdef LOCKF
1467 /*
1468 ** Now try to get our lock back.
1469 */
1470
1471 lfd.l_type = F_WRLCK;
1472 lfd.l_whence = lfd.l_start = lfd.l_len = 0;
1473 e->e_lockfp = fopen(queuename(e, 'q'), "r+");
1474 if (e->e_lockfp == NULL ||
1475 fcntl(fileno(e->e_lockfp), F_SETLK, &lfd) < 0)
1476 {
1477 /* oops.... lost it */
1478 # ifdef LOG
1479 if (LogLevel > 5)
1480 syslog(LOG_NOTICE, "%s: lost lock: %m",
1481 CurEnv->e_id);
1482 # endif /* LOG */
1483 exit(EX_OK);
1484 }
1485 # endif /* LOCKF */
1486
1487 break;
1488 }
1489
1490 /*
1491 ** Run through the list and send everything.
1492 */
1493
1494 nsent = 0;
1495 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1496 {
1497 if (mode == SM_VERIFY)
1498 {
1499 e->e_to = q->q_paddr;
1500 if (!bitset(QDONTSEND|QBADADDR, q->q_flags))
1501 message(Arpa_Info, "deliverable");
1502 }
1503 else if (!bitset(QDONTSEND, q->q_flags))
1504 {
1505 # ifdef QUEUE
1506 /*
1507 ** Checkpoint the send list every few addresses
1508 */
1509
1510 if (nsent >= CheckpointInterval)
1511 {
1512 queueup(e, TRUE, FALSE);
1513 nsent = 0;
1514 }
1515 # endif /* QUEUE */
1516 if (deliver(e, q) == EX_OK)
1517 nsent++;
1518 }
1519 }
1520 Verbose = oldverbose;
1521
1522 /*
1523 ** Now run through and check for errors.
1524 */
1525
1526 if (mode == SM_VERIFY)
1527 return;
1528
1529 for (q = e->e_sendqueue; q != NULL; q = q->q_next)
1530 {
1531 register ADDRESS *qq;
1532
1533 if (tTd(13, 3))
1534 {
1535 printf("Checking ");
1536 printaddr(q, FALSE);
1537 }
1538
1539 /* only send errors if the message failed */
1540 if (!bitset(QBADADDR, q->q_flags))
1541 continue;
1542
1543 /* we have an address that failed -- find the parent */
1544 for (qq = q; qq != NULL; qq = qq->q_alias)
1545 {
1546 char obuf[MAXNAME + 6];
1547 extern char *aliaslookup();
1548
1549 /* we can only have owners for local addresses */
1550 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags))
1551 continue;
1552
1553 /* see if the owner list exists */
1554 (void) strcpy(obuf, "owner-");
1555 if (strncmp(qq->q_user, "owner-", 6) == 0)
1556 (void) strcat(obuf, "owner");
1557 else
1558 (void) strcat(obuf, qq->q_user);
1559 makelower(obuf);
1560 if (aliaslookup(obuf) == NULL)
1561 continue;
1562
1563 if (tTd(13, 4))
1564 printf("Errors to %s\n", obuf);
1565
1566 /* owner list exists -- add it to the error queue */
1567 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue);
1568 ErrorMode = EM_MAIL;
1569 break;
1570 }
1571
1572 /* if we did not find an owner, send to the sender */
1573 if (qq == NULL && bitset(QBADADDR, q->q_flags))
1574 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue);
1575 }
1576
1577 if (mode == SM_FORK)
1578 finis();
1579 }
1580