1 /* 2 * Copyright (c) 1983 Eric P. Allman 3 * Copyright (c) 1988 Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms are permitted 7 * provided that the above copyright notice and this paragraph are 8 * duplicated in all such forms and that any documentation, 9 * advertising materials, and other materials related to such 10 * distribution and use acknowledge that the software was developed 11 * by the University of California, Berkeley. The name of the 12 * University may not be used to endorse or promote products derived 13 * from this software without specific prior written permission. 14 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 16 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 17 */ 18 19 #ifndef lint 20 static char sccsid[] = "@(#)deliver.c 5.24 (Berkeley) 10/22/88"; 21 #endif /* not lint */ 22 23 #include <sendmail.h> 24 #include <sys/signal.h> 25 #include <sys/stat.h> 26 #include <netdb.h> 27 #include <fcntl.h> 28 #include <errno.h> 29 #ifdef NAMED_BIND 30 #include <arpa/nameser.h> 31 #include <resolv.h> 32 #endif 33 34 /* 35 ** DELIVER -- Deliver a message to a list of addresses. 36 ** 37 ** This routine delivers to everyone on the same host as the 38 ** user on the head of the list. It is clever about mailers 39 ** that don't handle multiple users. It is NOT guaranteed 40 ** that it will deliver to all these addresses however -- so 41 ** deliver should be called once for each address on the 42 ** list. 43 ** 44 ** Parameters: 45 ** e -- the envelope to deliver. 46 ** firstto -- head of the address list to deliver to. 47 ** 48 ** Returns: 49 ** zero -- successfully delivered. 50 ** else -- some failure, see ExitStat for more info. 51 ** 52 ** Side Effects: 53 ** The standard input is passed off to someone. 54 */ 55 56 deliver(e, firstto) 57 register ENVELOPE *e; 58 ADDRESS *firstto; 59 { 60 char *host; /* host being sent to */ 61 char *user; /* user being sent to */ 62 char **pvp; 63 register char **mvp; 64 register char *p; 65 register MAILER *m; /* mailer for this recipient */ 66 ADDRESS *ctladdr; 67 register ADDRESS *to = firstto; 68 bool clever = FALSE; /* running user smtp to this mailer */ 69 ADDRESS *tochain = NULL; /* chain of users in this mailer call */ 70 int rcode; /* response code */ 71 char *pv[MAXPV+1]; 72 char tobuf[MAXLINE-50]; /* text line of to people */ 73 char buf[MAXNAME]; 74 char tfrombuf[MAXNAME]; /* translated from person */ 75 extern bool checkcompat(); 76 extern ADDRESS *getctladdr(); 77 extern char *remotename(); 78 79 errno = 0; 80 if (bitset(QDONTSEND, to->q_flags)) 81 return (0); 82 83 #ifdef NAMED_BIND 84 /* unless interactive, try twice, over a minute */ 85 if (OpMode == MD_DAEMON || OpMode == MD_SMTP) { 86 _res.retrans = 30; 87 _res.retry = 2; 88 } 89 #endif NAMED_BIND 90 91 m = to->q_mailer; 92 host = to->q_host; 93 94 # ifdef DEBUG 95 if (tTd(10, 1)) 96 printf("\n--deliver, mailer=%d, host=`%s', first user=`%s'\n", 97 m->m_mno, host, to->q_user); 98 # endif DEBUG 99 100 /* 101 ** If this mailer is expensive, and if we don't want to make 102 ** connections now, just mark these addresses and return. 103 ** This is useful if we want to batch connections to 104 ** reduce load. This will cause the messages to be 105 ** queued up, and a daemon will come along to send the 106 ** messages later. 107 ** This should be on a per-mailer basis. 108 */ 109 110 if (NoConnect && !QueueRun && bitnset(M_EXPENSIVE, m->m_flags) && 111 !Verbose) 112 { 113 for (; to != NULL; to = to->q_next) 114 { 115 if (bitset(QDONTSEND, to->q_flags) || to->q_mailer != m) 116 continue; 117 to->q_flags |= QQUEUEUP|QDONTSEND; 118 e->e_to = to->q_paddr; 119 message(Arpa_Info, "queued"); 120 if (LogLevel > 4) 121 logdelivery("queued"); 122 } 123 e->e_to = NULL; 124 return (0); 125 } 126 127 /* 128 ** Do initial argv setup. 129 ** Insert the mailer name. Notice that $x expansion is 130 ** NOT done on the mailer name. Then, if the mailer has 131 ** a picky -f flag, we insert it as appropriate. This 132 ** code does not check for 'pv' overflow; this places a 133 ** manifest lower limit of 4 for MAXPV. 134 ** The from address rewrite is expected to make 135 ** the address relative to the other end. 136 */ 137 138 /* rewrite from address, using rewriting rules */ 139 expand("\001f", buf, &buf[sizeof buf - 1], e); 140 (void) strcpy(tfrombuf, remotename(buf, m, TRUE, TRUE)); 141 142 define('g', tfrombuf, e); /* translated sender address */ 143 define('h', host, e); /* to host */ 144 Errors = 0; 145 pvp = pv; 146 *pvp++ = m->m_argv[0]; 147 148 /* insert -f or -r flag as appropriate */ 149 if (FromFlag && (bitnset(M_FOPT, m->m_flags) || bitnset(M_ROPT, m->m_flags))) 150 { 151 if (bitnset(M_FOPT, m->m_flags)) 152 *pvp++ = "-f"; 153 else 154 *pvp++ = "-r"; 155 expand("\001g", buf, &buf[sizeof buf - 1], e); 156 *pvp++ = newstr(buf); 157 } 158 159 /* 160 ** Append the other fixed parts of the argv. These run 161 ** up to the first entry containing "$u". There can only 162 ** be one of these, and there are only a few more slots 163 ** in the pv after it. 164 */ 165 166 for (mvp = m->m_argv; (p = *++mvp) != NULL; ) 167 { 168 while ((p = index(p, '\001')) != NULL) 169 if (*++p == 'u') 170 break; 171 if (p != NULL) 172 break; 173 174 /* this entry is safe -- go ahead and process it */ 175 expand(*mvp, buf, &buf[sizeof buf - 1], e); 176 *pvp++ = newstr(buf); 177 if (pvp >= &pv[MAXPV - 3]) 178 { 179 syserr("Too many parameters to %s before $u", pv[0]); 180 return (-1); 181 } 182 } 183 184 /* 185 ** If we have no substitution for the user name in the argument 186 ** list, we know that we must supply the names otherwise -- and 187 ** SMTP is the answer!! 188 */ 189 190 if (*mvp == NULL) 191 { 192 /* running SMTP */ 193 # ifdef SMTP 194 clever = TRUE; 195 *pvp = NULL; 196 # else SMTP 197 /* oops! we don't implement SMTP */ 198 syserr("SMTP style mailer"); 199 return (EX_SOFTWARE); 200 # endif SMTP 201 } 202 203 /* 204 ** At this point *mvp points to the argument with $u. We 205 ** run through our address list and append all the addresses 206 ** we can. If we run out of space, do not fret! We can 207 ** always send another copy later. 208 */ 209 210 tobuf[0] = '\0'; 211 e->e_to = tobuf; 212 ctladdr = NULL; 213 for (; to != NULL; to = to->q_next) 214 { 215 /* avoid sending multiple recipients to dumb mailers */ 216 if (tobuf[0] != '\0' && !bitnset(M_MUSER, m->m_flags)) 217 break; 218 219 /* if already sent or not for this host, don't send */ 220 if (bitset(QDONTSEND, to->q_flags) || 221 strcmp(to->q_host, host) != 0 || 222 to->q_mailer != firstto->q_mailer) 223 continue; 224 225 /* avoid overflowing tobuf */ 226 if (sizeof tobuf - (strlen(to->q_paddr) + strlen(tobuf) + 2) < 0) 227 break; 228 229 # ifdef DEBUG 230 if (tTd(10, 1)) 231 { 232 printf("\nsend to "); 233 printaddr(to, FALSE); 234 } 235 # endif DEBUG 236 237 /* compute effective uid/gid when sending */ 238 if (to->q_mailer == ProgMailer) 239 ctladdr = getctladdr(to); 240 241 user = to->q_user; 242 e->e_to = to->q_paddr; 243 to->q_flags |= QDONTSEND; 244 245 /* 246 ** Check to see that these people are allowed to 247 ** talk to each other. 248 */ 249 250 if (m->m_maxsize != 0 && e->e_msgsize > m->m_maxsize) 251 { 252 NoReturn = TRUE; 253 usrerr("Message is too large; %ld bytes max", m->m_maxsize); 254 giveresponse(EX_UNAVAILABLE, m, e); 255 continue; 256 } 257 if (!checkcompat(to)) 258 { 259 giveresponse(EX_UNAVAILABLE, m, e); 260 continue; 261 } 262 263 /* 264 ** Strip quote bits from names if the mailer is dumb 265 ** about them. 266 */ 267 268 if (bitnset(M_STRIPQ, m->m_flags)) 269 { 270 stripquotes(user, TRUE); 271 stripquotes(host, TRUE); 272 } 273 else 274 { 275 stripquotes(user, FALSE); 276 stripquotes(host, FALSE); 277 } 278 279 /* hack attack -- delivermail compatibility */ 280 if (m == ProgMailer && *user == '|') 281 user++; 282 283 /* 284 ** If an error message has already been given, don't 285 ** bother to send to this address. 286 ** 287 ** >>>>>>>>>> This clause assumes that the local mailer 288 ** >> NOTE >> cannot do any further aliasing; that 289 ** >>>>>>>>>> function is subsumed by sendmail. 290 */ 291 292 if (bitset(QBADADDR|QQUEUEUP, to->q_flags)) 293 continue; 294 295 /* save statistics.... */ 296 markstats(e, to); 297 298 /* 299 ** See if this user name is "special". 300 ** If the user name has a slash in it, assume that this 301 ** is a file -- send it off without further ado. Note 302 ** that this type of addresses is not processed along 303 ** with the others, so we fudge on the To person. 304 */ 305 306 if (m == LocalMailer) 307 { 308 if (user[0] == '/') 309 { 310 rcode = mailfile(user, getctladdr(to)); 311 giveresponse(rcode, m, e); 312 continue; 313 } 314 } 315 316 /* 317 ** Address is verified -- add this user to mailer 318 ** argv, and add it to the print list of recipients. 319 */ 320 321 /* link together the chain of recipients */ 322 to->q_tchain = tochain; 323 tochain = to; 324 325 /* create list of users for error messages */ 326 (void) strcat(tobuf, ","); 327 (void) strcat(tobuf, to->q_paddr); 328 define('u', user, e); /* to user */ 329 define('z', to->q_home, e); /* user's home */ 330 331 /* 332 ** Expand out this user into argument list. 333 */ 334 335 if (!clever) 336 { 337 expand(*mvp, buf, &buf[sizeof buf - 1], e); 338 *pvp++ = newstr(buf); 339 if (pvp >= &pv[MAXPV - 2]) 340 { 341 /* allow some space for trailing parms */ 342 break; 343 } 344 } 345 } 346 347 /* see if any addresses still exist */ 348 if (tobuf[0] == '\0') 349 { 350 define('g', (char *) NULL, e); 351 return (0); 352 } 353 354 /* print out messages as full list */ 355 e->e_to = tobuf + 1; 356 357 /* 358 ** Fill out any parameters after the $u parameter. 359 */ 360 361 while (!clever && *++mvp != NULL) 362 { 363 expand(*mvp, buf, &buf[sizeof buf - 1], e); 364 *pvp++ = newstr(buf); 365 if (pvp >= &pv[MAXPV]) 366 syserr("deliver: pv overflow after $u for %s", pv[0]); 367 } 368 *pvp++ = NULL; 369 370 /* 371 ** Call the mailer. 372 ** The argument vector gets built, pipes 373 ** are created as necessary, and we fork & exec as 374 ** appropriate. 375 ** If we are running SMTP, we just need to clean up. 376 */ 377 378 if (ctladdr == NULL) 379 ctladdr = &e->e_from; 380 #ifdef NAMED_BIND 381 _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */ 382 #endif 383 #ifdef SMTP 384 if (clever) 385 { 386 expand("\001w", buf, &buf[sizeof(buf) - 1], e); 387 rcode = EX_OK; 388 #ifdef NAMED_BIND 389 if (host[0] != '[') 390 { 391 Nmx = getmxrr(host, MxHosts, buf, &rcode); 392 } 393 else 394 #endif 395 { 396 Nmx = 1; 397 MxHosts[0] = host; 398 } 399 if (Nmx >= 0) 400 { 401 message(Arpa_Info, "Connecting to %s (%s)...", 402 MxHosts[0], m->m_name); 403 if ((rcode = smtpinit(m, pv)) == EX_OK) { 404 /* send the recipient list */ 405 tobuf[0] = '\0'; 406 for (to = tochain; to; to = to->q_tchain) { 407 register int i; 408 register char *t = tobuf; 409 410 e->e_to = to->q_paddr; 411 if ((i = smtprcpt(to, m)) != EX_OK) { 412 markfailure(e, to, i); 413 giveresponse(i, m, e); 414 } 415 else { 416 *t++ = ','; 417 for (p = to->q_paddr; *p; *t++ = *p++); 418 } 419 } 420 421 /* now send the data */ 422 if (tobuf[0] == '\0') 423 e->e_to = NULL; 424 else { 425 e->e_to = tobuf + 1; 426 rcode = smtpdata(m, e); 427 } 428 429 /* now close the connection */ 430 smtpquit(m); 431 } 432 } 433 } 434 else 435 #endif /* SMTP */ 436 { 437 message(Arpa_Info, "Connecting to %s (%s)...", host, m->m_name); 438 rcode = sendoff(e, m, pv, ctladdr); 439 } 440 #ifdef NAMED_BIND 441 _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */ 442 #endif 443 444 /* 445 ** Do final status disposal. 446 ** We check for something in tobuf for the SMTP case. 447 ** If we got a temporary failure, arrange to queue the 448 ** addressees. 449 */ 450 451 if (tobuf[0] != '\0') 452 giveresponse(rcode, m, e); 453 if (rcode != EX_OK) 454 for (to = tochain; to != NULL; to = to->q_tchain) 455 markfailure(e, to, rcode); 456 457 errno = 0; 458 define('g', (char *) NULL, e); 459 return (rcode); 460 } 461 /* 462 ** MARKFAILURE -- mark a failure on a specific address. 463 ** 464 ** Parameters: 465 ** e -- the envelope we are sending. 466 ** q -- the address to mark. 467 ** rcode -- the code signifying the particular failure. 468 ** 469 ** Returns: 470 ** none. 471 ** 472 ** Side Effects: 473 ** marks the address (and possibly the envelope) with the 474 ** failure so that an error will be returned or 475 ** the message will be queued, as appropriate. 476 */ 477 478 markfailure(e, q, rcode) 479 register ENVELOPE *e; 480 register ADDRESS *q; 481 int rcode; 482 { 483 if (rcode == EX_OK) 484 return; 485 else if (rcode != EX_TEMPFAIL) 486 q->q_flags |= QBADADDR; 487 else if (curtime() > e->e_ctime + TimeOut) 488 { 489 extern char *pintvl(); 490 char buf[MAXLINE]; 491 492 if (!bitset(EF_TIMEOUT, e->e_flags)) 493 { 494 (void) sprintf(buf, "Cannot send message for %s", 495 pintvl(TimeOut, FALSE)); 496 if (e->e_message != NULL) 497 free(e->e_message); 498 e->e_message = newstr(buf); 499 message(Arpa_Info, buf); 500 } 501 q->q_flags |= QBADADDR; 502 e->e_flags |= EF_TIMEOUT; 503 } 504 else 505 q->q_flags |= QQUEUEUP; 506 } 507 /* 508 ** DOFORK -- do a fork, retrying a couple of times on failure. 509 ** 510 ** This MUST be a macro, since after a vfork we are running 511 ** two processes on the same stack!!! 512 ** 513 ** Parameters: 514 ** none. 515 ** 516 ** Returns: 517 ** From a macro??? You've got to be kidding! 518 ** 519 ** Side Effects: 520 ** Modifies the ==> LOCAL <== variable 'pid', leaving: 521 ** pid of child in parent, zero in child. 522 ** -1 on unrecoverable error. 523 ** 524 ** Notes: 525 ** I'm awfully sorry this looks so awful. That's 526 ** vfork for you..... 527 */ 528 529 # define NFORKTRIES 5 530 # ifdef VMUNIX 531 # define XFORK vfork 532 # else VMUNIX 533 # define XFORK fork 534 # endif VMUNIX 535 536 # define DOFORK(fORKfN) \ 537 {\ 538 register int i;\ 539 \ 540 for (i = NFORKTRIES; --i >= 0; )\ 541 {\ 542 pid = fORKfN();\ 543 if (pid >= 0)\ 544 break;\ 545 if (i > 0)\ 546 sleep((unsigned) NFORKTRIES - i);\ 547 }\ 548 } 549 /* 550 ** DOFORK -- simple fork interface to DOFORK. 551 ** 552 ** Parameters: 553 ** none. 554 ** 555 ** Returns: 556 ** pid of child in parent. 557 ** zero in child. 558 ** -1 on error. 559 ** 560 ** Side Effects: 561 ** returns twice, once in parent and once in child. 562 */ 563 564 dofork() 565 { 566 register int pid; 567 568 DOFORK(fork); 569 return (pid); 570 } 571 /* 572 ** SENDOFF -- send off call to mailer & collect response. 573 ** 574 ** Parameters: 575 ** e -- the envelope to mail. 576 ** m -- mailer descriptor. 577 ** pvp -- parameter vector to send to it. 578 ** ctladdr -- an address pointer controlling the 579 ** user/groupid etc. of the mailer. 580 ** 581 ** Returns: 582 ** exit status of mailer. 583 ** 584 ** Side Effects: 585 ** none. 586 */ 587 static 588 sendoff(e, m, pvp, ctladdr) 589 register ENVELOPE *e; 590 MAILER *m; 591 char **pvp; 592 ADDRESS *ctladdr; 593 { 594 auto FILE *mfile; 595 auto FILE *rfile; 596 register int i; 597 int pid; 598 599 /* 600 ** Create connection to mailer. 601 */ 602 603 pid = openmailer(m, pvp, ctladdr, FALSE, &mfile, &rfile); 604 if (pid < 0) 605 return (-1); 606 607 /* 608 ** Format and send message. 609 */ 610 611 putfromline(mfile, m); 612 (*e->e_puthdr)(mfile, m, e); 613 putline("\n", mfile, m); 614 (*e->e_putbody)(mfile, m, e); 615 (void) fclose(mfile); 616 617 i = endmailer(pid, pvp[0]); 618 619 /* arrange a return receipt if requested */ 620 if (e->e_receiptto != NULL && bitnset(M_LOCAL, m->m_flags)) 621 { 622 e->e_flags |= EF_SENDRECEIPT; 623 /* do we want to send back more info? */ 624 } 625 626 return (i); 627 } 628 /* 629 ** ENDMAILER -- Wait for mailer to terminate. 630 ** 631 ** We should never get fatal errors (e.g., segmentation 632 ** violation), so we report those specially. For other 633 ** errors, we choose a status message (into statmsg), 634 ** and if it represents an error, we print it. 635 ** 636 ** Parameters: 637 ** pid -- pid of mailer. 638 ** name -- name of mailer (for error messages). 639 ** 640 ** Returns: 641 ** exit code of mailer. 642 ** 643 ** Side Effects: 644 ** none. 645 */ 646 647 endmailer(pid, name) 648 int pid; 649 char *name; 650 { 651 int st; 652 653 /* in the IPC case there is nothing to wait for */ 654 if (pid == 0) 655 return (EX_OK); 656 657 /* wait for the mailer process to die and collect status */ 658 st = waitfor(pid); 659 if (st == -1) 660 { 661 syserr("endmailer %s: wait", name); 662 return (EX_SOFTWARE); 663 } 664 665 /* see if it died a horrid death */ 666 if ((st & 0377) != 0) 667 { 668 syserr("mailer %s died with signal %o", name, st); 669 ExitStat = EX_TEMPFAIL; 670 return (EX_TEMPFAIL); 671 } 672 673 /* normal death -- return status */ 674 st = (st >> 8) & 0377; 675 return (st); 676 } 677 /* 678 ** OPENMAILER -- open connection to mailer. 679 ** 680 ** Parameters: 681 ** m -- mailer descriptor. 682 ** pvp -- parameter vector to pass to mailer. 683 ** ctladdr -- controlling address for user. 684 ** clever -- create a full duplex connection. 685 ** pmfile -- pointer to mfile (to mailer) connection. 686 ** prfile -- pointer to rfile (from mailer) connection. 687 ** 688 ** Returns: 689 ** pid of mailer ( > 0 ). 690 ** -1 on error. 691 ** zero on an IPC connection. 692 ** 693 ** Side Effects: 694 ** creates a mailer in a subprocess. 695 */ 696 697 openmailer(m, pvp, ctladdr, clever, pmfile, prfile) 698 MAILER *m; 699 char **pvp; 700 ADDRESS *ctladdr; 701 bool clever; 702 FILE **pmfile; 703 FILE **prfile; 704 { 705 int pid; 706 int mpvect[2]; 707 int rpvect[2]; 708 FILE *mfile; 709 FILE *rfile; 710 extern FILE *fdopen(); 711 712 # ifdef DEBUG 713 if (tTd(11, 1)) 714 { 715 printf("openmailer:"); 716 printav(pvp); 717 } 718 # endif DEBUG 719 errno = 0; 720 721 CurHostName = m->m_mailer; 722 723 /* 724 ** Deal with the special case of mail handled through an IPC 725 ** connection. 726 ** In this case we don't actually fork. We must be 727 ** running SMTP for this to work. We will return a 728 ** zero pid to indicate that we are running IPC. 729 ** We also handle a debug version that just talks to stdin/out. 730 */ 731 732 #ifdef DEBUG 733 /* check for Local Person Communication -- not for mortals!!! */ 734 if (strcmp(m->m_mailer, "[LPC]") == 0) 735 { 736 *pmfile = stdout; 737 *prfile = stdin; 738 return (0); 739 } 740 #endif DEBUG 741 742 if (strcmp(m->m_mailer, "[IPC]") == 0) 743 { 744 #ifdef HOSTINFO 745 register STAB *st; 746 extern STAB *stab(); 747 #endif HOSTINFO 748 #ifdef DAEMON 749 register int i, j; 750 register u_short port; 751 752 CurHostName = pvp[1]; 753 if (!clever) 754 syserr("non-clever IPC"); 755 if (pvp[2] != NULL) 756 port = atoi(pvp[2]); 757 else 758 port = 0; 759 for (j = 0; j < Nmx; j++) 760 { 761 CurHostName = MxHosts[j]; 762 #ifdef HOSTINFO 763 /* see if we have already determined that this host is fried */ 764 st = stab(MxHosts[j], ST_HOST, ST_FIND); 765 if (st == NULL || st->s_host.ho_exitstat == EX_OK) { 766 if (j > 1) 767 message(Arpa_Info, 768 "Connecting to %s (%s)...", 769 MxHosts[j], m->m_name); 770 i = makeconnection(MxHosts[j], port, pmfile, prfile); 771 } 772 else 773 { 774 i = st->s_host.ho_exitstat; 775 errno = st->s_host.ho_errno; 776 } 777 #else HOSTINFO 778 i = makeconnection(MxHosts[j], port, pmfile, prfile); 779 #endif HOSTINFO 780 if (i != EX_OK) 781 { 782 #ifdef HOSTINFO 783 /* enter status of this host */ 784 if (st == NULL) 785 st = stab(MxHosts[j], ST_HOST, ST_ENTER); 786 st->s_host.ho_exitstat = i; 787 st->s_host.ho_errno = errno; 788 #endif HOSTINFO 789 ExitStat = i; 790 continue; 791 } 792 else 793 return (0); 794 } 795 return (-1); 796 #else DAEMON 797 syserr("openmailer: no IPC"); 798 return (-1); 799 #endif DAEMON 800 } 801 802 /* create a pipe to shove the mail through */ 803 if (pipe(mpvect) < 0) 804 { 805 syserr("openmailer: pipe (to mailer)"); 806 return (-1); 807 } 808 809 #ifdef SMTP 810 /* if this mailer speaks smtp, create a return pipe */ 811 if (clever && pipe(rpvect) < 0) 812 { 813 syserr("openmailer: pipe (from mailer)"); 814 (void) close(mpvect[0]); 815 (void) close(mpvect[1]); 816 return (-1); 817 } 818 #endif SMTP 819 820 /* 821 ** Actually fork the mailer process. 822 ** DOFORK is clever about retrying. 823 ** 824 ** Dispose of SIGCHLD signal catchers that may be laying 825 ** around so that endmail will get it. 826 */ 827 828 if (CurEnv->e_xfp != NULL) 829 (void) fflush(CurEnv->e_xfp); /* for debugging */ 830 (void) fflush(stdout); 831 # ifdef SIGCHLD 832 (void) signal(SIGCHLD, SIG_DFL); 833 # endif SIGCHLD 834 DOFORK(XFORK); 835 /* pid is set by DOFORK */ 836 if (pid < 0) 837 { 838 /* failure */ 839 syserr("openmailer: cannot fork"); 840 (void) close(mpvect[0]); 841 (void) close(mpvect[1]); 842 #ifdef SMTP 843 if (clever) 844 { 845 (void) close(rpvect[0]); 846 (void) close(rpvect[1]); 847 } 848 #endif SMTP 849 return (-1); 850 } 851 else if (pid == 0) 852 { 853 int i; 854 extern int DtableSize; 855 856 /* child -- set up input & exec mailer */ 857 /* make diagnostic output be standard output */ 858 (void) signal(SIGINT, SIG_IGN); 859 (void) signal(SIGHUP, SIG_IGN); 860 (void) signal(SIGTERM, SIG_DFL); 861 862 /* arrange to filter standard & diag output of command */ 863 if (clever) 864 { 865 (void) close(rpvect[0]); 866 (void) close(1); 867 (void) dup(rpvect[1]); 868 (void) close(rpvect[1]); 869 } 870 else if (OpMode == MD_SMTP || HoldErrs) 871 { 872 /* put mailer output in transcript */ 873 (void) close(1); 874 (void) dup(fileno(CurEnv->e_xfp)); 875 } 876 (void) close(2); 877 (void) dup(1); 878 879 /* arrange to get standard input */ 880 (void) close(mpvect[1]); 881 (void) close(0); 882 if (dup(mpvect[0]) < 0) 883 { 884 syserr("Cannot dup to zero!"); 885 _exit(EX_OSERR); 886 } 887 (void) close(mpvect[0]); 888 if (!bitnset(M_RESTR, m->m_flags)) 889 { 890 if (ctladdr == NULL || ctladdr->q_uid == 0) 891 { 892 (void) setgid(DefGid); 893 (void) setuid(DefUid); 894 } 895 else 896 { 897 (void) setgid(ctladdr->q_gid); 898 (void) setuid(ctladdr->q_uid); 899 } 900 } 901 902 /* arrange for all the files to be closed */ 903 for (i = 3; i < DtableSize; i++) { 904 register int j; 905 if ((j = fcntl(i, F_GETFD, 0)) != -1) 906 (void)fcntl(i, F_SETFD, j|1); 907 } 908 909 /* try to execute the mailer */ 910 execve(m->m_mailer, pvp, UserEnviron); 911 syserr("Cannot exec %s", m->m_mailer); 912 if (m == LocalMailer || errno == EIO || errno == EAGAIN || 913 errno == ENOMEM || errno == EPROCLIM) 914 _exit(EX_TEMPFAIL); 915 else 916 _exit(EX_UNAVAILABLE); 917 } 918 919 /* 920 ** Set up return value. 921 */ 922 923 (void) close(mpvect[0]); 924 mfile = fdopen(mpvect[1], "w"); 925 if (clever) 926 { 927 (void) close(rpvect[1]); 928 rfile = fdopen(rpvect[0], "r"); 929 } 930 931 *pmfile = mfile; 932 *prfile = rfile; 933 934 return (pid); 935 } 936 /* 937 ** GIVERESPONSE -- Interpret an error response from a mailer 938 ** 939 ** Parameters: 940 ** stat -- the status code from the mailer (high byte 941 ** only; core dumps must have been taken care of 942 ** already). 943 ** m -- the mailer descriptor for this mailer. 944 ** 945 ** Returns: 946 ** none. 947 ** 948 ** Side Effects: 949 ** Errors may be incremented. 950 ** ExitStat may be set. 951 */ 952 953 giveresponse(stat, m, e) 954 int stat; 955 register MAILER *m; 956 ENVELOPE *e; 957 { 958 register char *statmsg; 959 extern char *SysExMsg[]; 960 register int i; 961 extern int N_SysEx, h_errno; 962 char buf[MAXLINE]; 963 964 #ifdef lint 965 if (m == NULL) 966 return; 967 #endif lint 968 969 /* 970 ** Compute status message from code. 971 */ 972 973 i = stat - EX__BASE; 974 if (stat == 0) 975 statmsg = "250 Sent"; 976 else if (i < 0 || i > N_SysEx) 977 { 978 (void) sprintf(buf, "554 unknown mailer error %d", stat); 979 stat = EX_UNAVAILABLE; 980 statmsg = buf; 981 } 982 else if (stat == EX_TEMPFAIL) 983 { 984 (void) strcpy(buf, SysExMsg[i]); 985 if (h_errno == TRY_AGAIN) 986 { 987 extern char *errstring(); 988 989 statmsg = errstring(h_errno+MAX_ERRNO); 990 } 991 else 992 { 993 if (errno != 0) 994 { 995 extern char *errstring(); 996 997 statmsg = errstring(errno); 998 } 999 else 1000 { 1001 #ifdef SMTP 1002 extern char SmtpError[]; 1003 1004 statmsg = SmtpError; 1005 #else SMTP 1006 statmsg = NULL; 1007 #endif SMTP 1008 } 1009 } 1010 if (statmsg != NULL && statmsg[0] != '\0') 1011 { 1012 (void) strcat(buf, ": "); 1013 (void) strcat(buf, statmsg); 1014 } 1015 statmsg = buf; 1016 } 1017 else 1018 { 1019 statmsg = SysExMsg[i]; 1020 } 1021 1022 /* 1023 ** Print the message as appropriate 1024 */ 1025 1026 if (stat == EX_OK || stat == EX_TEMPFAIL) 1027 message(Arpa_Info, &statmsg[4]); 1028 else 1029 { 1030 Errors++; 1031 usrerr(statmsg); 1032 } 1033 1034 /* 1035 ** Final cleanup. 1036 ** Log a record of the transaction. Compute the new 1037 ** ExitStat -- if we already had an error, stick with 1038 ** that. 1039 */ 1040 1041 if (LogLevel > ((stat == 0 || stat == EX_TEMPFAIL) ? 3 : 2)) 1042 logdelivery(&statmsg[4]); 1043 1044 if (stat != EX_TEMPFAIL) 1045 setstat(stat); 1046 if (stat != EX_OK) 1047 { 1048 if (e->e_message != NULL) 1049 free(e->e_message); 1050 e->e_message = newstr(&statmsg[4]); 1051 } 1052 errno = 0; 1053 h_errno = 0; 1054 } 1055 /* 1056 ** LOGDELIVERY -- log the delivery in the system log 1057 ** 1058 ** Parameters: 1059 ** stat -- the message to print for the status 1060 ** 1061 ** Returns: 1062 ** none 1063 ** 1064 ** Side Effects: 1065 ** none 1066 */ 1067 1068 logdelivery(stat) 1069 char *stat; 1070 { 1071 extern char *pintvl(); 1072 1073 # ifdef LOG 1074 syslog(LOG_INFO, "%s: to=%s, delay=%s, stat=%s", CurEnv->e_id, 1075 CurEnv->e_to, pintvl(curtime() - CurEnv->e_ctime, TRUE), stat); 1076 # endif LOG 1077 } 1078 /* 1079 ** PUTFROMLINE -- output a UNIX-style from line (or whatever) 1080 ** 1081 ** This can be made an arbitrary message separator by changing $l 1082 ** 1083 ** One of the ugliest hacks seen by human eyes is contained herein: 1084 ** UUCP wants those stupid "remote from <host>" lines. Why oh why 1085 ** does a well-meaning programmer such as myself have to deal with 1086 ** this kind of antique garbage???? 1087 ** 1088 ** Parameters: 1089 ** fp -- the file to output to. 1090 ** m -- the mailer describing this entry. 1091 ** 1092 ** Returns: 1093 ** none 1094 ** 1095 ** Side Effects: 1096 ** outputs some text to fp. 1097 */ 1098 1099 putfromline(fp, m) 1100 register FILE *fp; 1101 register MAILER *m; 1102 { 1103 char *template = "\001l\n"; 1104 char buf[MAXLINE]; 1105 1106 if (bitnset(M_NHDR, m->m_flags)) 1107 return; 1108 1109 # ifdef UGLYUUCP 1110 if (bitnset(M_UGLYUUCP, m->m_flags)) 1111 { 1112 char *bang; 1113 char xbuf[MAXLINE]; 1114 1115 expand("\001g", buf, &buf[sizeof buf - 1], CurEnv); 1116 bang = index(buf, '!'); 1117 if (bang == NULL) 1118 syserr("No ! in UUCP! (%s)", buf); 1119 else 1120 { 1121 *bang++ = '\0'; 1122 (void) sprintf(xbuf, "From %s \001d remote from %s\n", bang, buf); 1123 template = xbuf; 1124 } 1125 } 1126 # endif UGLYUUCP 1127 expand(template, buf, &buf[sizeof buf - 1], CurEnv); 1128 putline(buf, fp, m); 1129 } 1130 /* 1131 ** PUTBODY -- put the body of a message. 1132 ** 1133 ** Parameters: 1134 ** fp -- file to output onto. 1135 ** m -- a mailer descriptor to control output format. 1136 ** e -- the envelope to put out. 1137 ** 1138 ** Returns: 1139 ** none. 1140 ** 1141 ** Side Effects: 1142 ** The message is written onto fp. 1143 */ 1144 1145 putbody(fp, m, e) 1146 FILE *fp; 1147 MAILER *m; 1148 register ENVELOPE *e; 1149 { 1150 char buf[MAXLINE]; 1151 1152 /* 1153 ** Output the body of the message 1154 */ 1155 1156 if (e->e_dfp == NULL) 1157 { 1158 if (e->e_df != NULL) 1159 { 1160 e->e_dfp = fopen(e->e_df, "r"); 1161 if (e->e_dfp == NULL) 1162 syserr("Cannot open %s", e->e_df); 1163 } 1164 else 1165 putline("<<< No Message Collected >>>", fp, m); 1166 } 1167 if (e->e_dfp != NULL) 1168 { 1169 rewind(e->e_dfp); 1170 while (!ferror(fp) && fgets(buf, sizeof buf, e->e_dfp) != NULL) 1171 { 1172 if (buf[0] == 'F' && bitnset(M_ESCFROM, m->m_flags) && 1173 strncmp(buf, "From", 4) == 0) 1174 (void) putc('>', fp); 1175 putline(buf, fp, m); 1176 } 1177 1178 if (ferror(e->e_dfp)) 1179 { 1180 syserr("putbody: read error"); 1181 ExitStat = EX_IOERR; 1182 } 1183 } 1184 1185 (void) fflush(fp); 1186 if (ferror(fp) && errno != EPIPE) 1187 { 1188 syserr("putbody: write error"); 1189 ExitStat = EX_IOERR; 1190 } 1191 errno = 0; 1192 } 1193 /* 1194 ** MAILFILE -- Send a message to a file. 1195 ** 1196 ** If the file has the setuid/setgid bits set, but NO execute 1197 ** bits, sendmail will try to become the owner of that file 1198 ** rather than the real user. Obviously, this only works if 1199 ** sendmail runs as root. 1200 ** 1201 ** This could be done as a subordinate mailer, except that it 1202 ** is used implicitly to save messages in ~/dead.letter. We 1203 ** view this as being sufficiently important as to include it 1204 ** here. For example, if the system is dying, we shouldn't have 1205 ** to create another process plus some pipes to save the message. 1206 ** 1207 ** Parameters: 1208 ** filename -- the name of the file to send to. 1209 ** ctladdr -- the controlling address header -- includes 1210 ** the userid/groupid to be when sending. 1211 ** 1212 ** Returns: 1213 ** The exit code associated with the operation. 1214 ** 1215 ** Side Effects: 1216 ** none. 1217 */ 1218 1219 mailfile(filename, ctladdr) 1220 char *filename; 1221 ADDRESS *ctladdr; 1222 { 1223 register FILE *f; 1224 register int pid; 1225 1226 /* 1227 ** Fork so we can change permissions here. 1228 ** Note that we MUST use fork, not vfork, because of 1229 ** the complications of calling subroutines, etc. 1230 */ 1231 1232 DOFORK(fork); 1233 1234 if (pid < 0) 1235 return (EX_OSERR); 1236 else if (pid == 0) 1237 { 1238 /* child -- actually write to file */ 1239 struct stat stb; 1240 1241 (void) signal(SIGINT, SIG_DFL); 1242 (void) signal(SIGHUP, SIG_DFL); 1243 (void) signal(SIGTERM, SIG_DFL); 1244 (void) umask(OldUmask); 1245 if (stat(filename, &stb) < 0) 1246 { 1247 errno = 0; 1248 stb.st_mode = 0666; 1249 } 1250 if (bitset(0111, stb.st_mode)) 1251 exit(EX_CANTCREAT); 1252 if (ctladdr == NULL) 1253 ctladdr = &CurEnv->e_from; 1254 if (!bitset(S_ISGID, stb.st_mode) || setgid(stb.st_gid) < 0) 1255 { 1256 if (ctladdr->q_uid == 0) 1257 (void) setgid(DefGid); 1258 else 1259 (void) setgid(ctladdr->q_gid); 1260 } 1261 if (!bitset(S_ISUID, stb.st_mode) || setuid(stb.st_uid) < 0) 1262 { 1263 if (ctladdr->q_uid == 0) 1264 (void) setuid(DefUid); 1265 else 1266 (void) setuid(ctladdr->q_uid); 1267 } 1268 f = dfopen(filename, "a"); 1269 if (f == NULL) 1270 exit(EX_CANTCREAT); 1271 1272 putfromline(f, ProgMailer); 1273 (*CurEnv->e_puthdr)(f, ProgMailer, CurEnv); 1274 putline("\n", f, ProgMailer); 1275 (*CurEnv->e_putbody)(f, ProgMailer, CurEnv); 1276 putline("\n", f, ProgMailer); 1277 (void) fclose(f); 1278 (void) fflush(stdout); 1279 1280 /* reset ISUID & ISGID bits for paranoid systems */ 1281 (void) chmod(filename, (int) stb.st_mode); 1282 exit(EX_OK); 1283 /*NOTREACHED*/ 1284 } 1285 else 1286 { 1287 /* parent -- wait for exit status */ 1288 int st; 1289 1290 st = waitfor(pid); 1291 if ((st & 0377) != 0) 1292 return (EX_UNAVAILABLE); 1293 else 1294 return ((st >> 8) & 0377); 1295 } 1296 } 1297 /* 1298 ** SENDALL -- actually send all the messages. 1299 ** 1300 ** Parameters: 1301 ** e -- the envelope to send. 1302 ** mode -- the delivery mode to use. If SM_DEFAULT, use 1303 ** the current SendMode. 1304 ** 1305 ** Returns: 1306 ** none. 1307 ** 1308 ** Side Effects: 1309 ** Scans the send lists and sends everything it finds. 1310 ** Delivers any appropriate error messages. 1311 ** If we are running in a non-interactive mode, takes the 1312 ** appropriate action. 1313 */ 1314 1315 sendall(e, mode) 1316 ENVELOPE *e; 1317 char mode; 1318 { 1319 register ADDRESS *q; 1320 bool oldverbose; 1321 int pid; 1322 1323 /* determine actual delivery mode */ 1324 if (mode == SM_DEFAULT) 1325 { 1326 extern bool shouldqueue(); 1327 1328 if (shouldqueue(e->e_msgpriority)) 1329 mode = SM_QUEUE; 1330 else 1331 mode = SendMode; 1332 } 1333 1334 #ifdef DEBUG 1335 if (tTd(13, 1)) 1336 { 1337 printf("\nSENDALL: mode %c, sendqueue:\n", mode); 1338 printaddr(e->e_sendqueue, TRUE); 1339 } 1340 #endif DEBUG 1341 1342 /* 1343 ** Do any preprocessing necessary for the mode we are running. 1344 ** Check to make sure the hop count is reasonable. 1345 ** Delete sends to the sender in mailing lists. 1346 */ 1347 1348 CurEnv = e; 1349 1350 if (e->e_hopcount > MAXHOP) 1351 { 1352 syserr("sendall: too many hops (%d max)", MAXHOP); 1353 return; 1354 } 1355 1356 if (!MeToo) 1357 { 1358 extern ADDRESS *recipient(); 1359 1360 e->e_from.q_flags |= QDONTSEND; 1361 (void) recipient(&e->e_from, &e->e_sendqueue); 1362 } 1363 1364 # ifdef QUEUE 1365 if ((mode == SM_QUEUE || mode == SM_FORK || 1366 (mode != SM_VERIFY && SuperSafe)) && 1367 !bitset(EF_INQUEUE, e->e_flags)) 1368 queueup(e, TRUE, mode == SM_QUEUE); 1369 #endif QUEUE 1370 1371 oldverbose = Verbose; 1372 switch (mode) 1373 { 1374 case SM_VERIFY: 1375 Verbose = TRUE; 1376 break; 1377 1378 case SM_QUEUE: 1379 e->e_flags |= EF_INQUEUE|EF_KEEPQUEUE; 1380 return; 1381 1382 case SM_FORK: 1383 if (e->e_xfp != NULL) 1384 (void) fflush(e->e_xfp); 1385 pid = fork(); 1386 if (pid < 0) 1387 { 1388 mode = SM_DELIVER; 1389 break; 1390 } 1391 else if (pid > 0) 1392 { 1393 /* be sure we leave the temp files to our child */ 1394 e->e_id = e->e_df = NULL; 1395 return; 1396 } 1397 1398 /* double fork to avoid zombies */ 1399 if (fork() > 0) 1400 exit(EX_OK); 1401 1402 /* be sure we are immune from the terminal */ 1403 disconnect(FALSE); 1404 1405 break; 1406 } 1407 1408 /* 1409 ** Run through the list and send everything. 1410 */ 1411 1412 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1413 { 1414 if (mode == SM_VERIFY) 1415 { 1416 e->e_to = q->q_paddr; 1417 if (!bitset(QDONTSEND|QBADADDR, q->q_flags)) 1418 message(Arpa_Info, "deliverable"); 1419 } 1420 else 1421 (void) deliver(e, q); 1422 } 1423 Verbose = oldverbose; 1424 1425 /* 1426 ** Now run through and check for errors. 1427 */ 1428 1429 if (mode == SM_VERIFY) 1430 return; 1431 1432 for (q = e->e_sendqueue; q != NULL; q = q->q_next) 1433 { 1434 register ADDRESS *qq; 1435 1436 # ifdef DEBUG 1437 if (tTd(13, 3)) 1438 { 1439 printf("Checking "); 1440 printaddr(q, FALSE); 1441 } 1442 # endif DEBUG 1443 1444 /* only send errors if the message failed */ 1445 if (!bitset(QBADADDR, q->q_flags)) 1446 continue; 1447 1448 /* we have an address that failed -- find the parent */ 1449 for (qq = q; qq != NULL; qq = qq->q_alias) 1450 { 1451 char obuf[MAXNAME + 6]; 1452 extern char *aliaslookup(); 1453 1454 /* we can only have owners for local addresses */ 1455 if (!bitnset(M_LOCAL, qq->q_mailer->m_flags)) 1456 continue; 1457 1458 /* see if the owner list exists */ 1459 (void) strcpy(obuf, "owner-"); 1460 if (strncmp(qq->q_user, "owner-", 6) == 0) 1461 (void) strcat(obuf, "owner"); 1462 else 1463 (void) strcat(obuf, qq->q_user); 1464 if (aliaslookup(obuf) == NULL) 1465 continue; 1466 1467 # ifdef DEBUG 1468 if (tTd(13, 4)) 1469 printf("Errors to %s\n", obuf); 1470 # endif DEBUG 1471 1472 /* owner list exists -- add it to the error queue */ 1473 sendtolist(obuf, (ADDRESS *) NULL, &e->e_errorqueue); 1474 ErrorMode = EM_MAIL; 1475 break; 1476 } 1477 1478 /* if we did not find an owner, send to the sender */ 1479 if (qq == NULL && bitset(QBADADDR, q->q_flags)) 1480 sendtolist(e->e_from.q_paddr, qq, &e->e_errorqueue); 1481 } 1482 1483 if (mode == SM_FORK) 1484 finis(); 1485 } 1486